Vulnerability Development mailing list archives

Re: Possible MultiNet FTP server DoS problem.


From: lnapier () CISCO COM (Lisa Napier)
Date: Thu, 23 Dec 1999 14:17:33 -0800


Hi,

Unfortunately, none of my VMS machines are available to the outside world,
but I was able to confirm a problem on MultiNet version 4.0C.  In our
testing we were not able to crash the machine, though we did see the
problem you describe.  I'll work with version 4.2 a bit later today, but
expect the same behavior.

In discussing with colleagues what would theoretically happen, using up all
the channels *could* result in the machine falling over, but it would
simply reload & come right back up with services available.  Annoying and
disruptive, but not terminal.  This is theory only -- as I said, in testing
I was not able to crash the system.

Are you willing to share your exploit, and allow me to test for you &
report back the results?

I'm also running a MultiNet FTP server on Win95, but it's not really the
same. :)

Also, have you reported the problem to Process, who now owns MultiNet?

Thanks,

Lisa Napier
Product Security Incident Response Team
Cisco Systems

At 01:54 PM 12/21/1999 +0300, CyberPsychotic wrote:
Hey,
 Does anyone run a MultiNet FTP server on VMS and not mind letting me test
out if the problem I found recently really could drive the machine to
crash? This FTP daemon doesn't time out/close the connection before it
authenticates the user, which seems to be quite a serious problem until VMS has
some sort of internal protection against too many opened connections. I've
done some code to perform quick tests but don't feel like bothering random
internet boxens :)

cheers,
-F

