Re: Win2k and /dev/zero

[pete () S3 INTEGRALIS CO UK (Pete Philips)]

Pete Philips wrote:
> Anyone tried the Firewall-1 variation?
>
> > Sending a stream of binary zeros over the network to the SMTP port on the firewall
> > raises the target system's load to 100% while the load on the attacker's
> > system machine remains relatively low.  This can easily be reproduced from
> > a Linux system using netcat with an input of /dev/zero, with a command such as
> > "nc firewall 25 < /dev/zero".

Replying to my own message... I found some further information
over on the Firewall-1 mailing list:

"Olaf Selke" <Olaf.Selke () mediaWays net> wrote:
> I can confirm this DOS for 4.1 SP1+Hotfix (Build 41603) and 4.0 SP6
> (Build 4156), both on Solaris. Obviously $FWDIR/log/asmtpd.elg
> respectively $FWDIR/log/asmtpd.log are growing like hell with many
> MB each minute during such an attack. Maybe all cpu cycles are eaten up
> by in.asmtpd for logging. Don't know if it's possible to disable this.

Pete.

 ---------------------------------------------------------------
|   Pete Philips                                           \|/  |
|   Integralis S3 Team                                      O   |
|   E-mail:  pete.philips () integralis co uk                      |
|   Phone:   +44 118 930 6060                                   |
|   PGP Key: http://www.s3.integralis.co.uk/pgp/pete.pgp        |
 ---------------------------------------------------------------