Vulnerability Development mailing list archives
Re: Win2k and /dev/zero
From: pete () S3 INTEGRALIS CO UK (Pete Philips)
Date: Thu, 6 Jul 2000 10:07:56 +0100
Pete Philips wrote:
Anyone tried the Firewall-1 variation? Sending a stream of binary zeros over the network to the SMTP port on the firewall raises the target system's load to 100% while the load on the attacker's system machine remains relatively low. This can easily be reproduced from a Linux system using netcat with an input of /dev/zero, with a command such as "nc firewall 25 < /dev/zero".
Replying to my own message... I found some further information over on the Firewall-1 mailing list: "Olaf Selke" <Olaf.Selke () mediaWays net> wrote:
I can confirm this DOS for 4.1 SP1+Hotfix (Build 41603) and 4.0 SP6 (Build 4156), both on Solaris. Obviously $FWDIR/log/asmtpd.elg respectively $FWDIR/log/asmtpd.log are growing like hell with many MB each minute during such an attack. Maybe all cpu cycles are eaten up by in.asmtpd for logging. Don't know if it's possible to disable this.
Pete.

Pete Philips
Integralis S3 Team
E-mail: pete.philips () integralis co uk
Phone: +44 118 930 6060
PGP Key: http://www.s3.integralis.co.uk/pgp/pete.pgp
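
Added example, not part of the original posts and not Check Point code: a sketch of how an SMTP front end can bound the cost of the zero stream described above, by closing the session on a NUL octet or on more than 512 octets without CRLF and writing one log entry per rejected connection. The class and function names are hypothetical, and the idea that per-input logging drives the load is Olaf Selke's guess from the quoted message, taken here as an assumption.

```python
# Added illustration, not Check Point code; all names are hypothetical.
MAX_LINE = 512  # RFC 5321 limit for a command line, CRLF included


class BoundedSmtpReader:
    """Command-phase line reader that refuses to buffer or log without limit."""

    def __init__(self, log):
        self.buf = bytearray()
        self.log = log        # list used as the log sink in this sketch
        self.closed = False

    def _close(self, reason):
        # Exactly one log entry per rejected connection, then stop reading.
        self.closed = True
        self.buf.clear()
        self.log.append("closed: " + reason)

    def feed(self, chunk):
        """Consume one chunk from the socket; return the complete lines in it."""
        lines = []
        if self.closed:
            return lines
        if b"\x00" in chunk:
            self._close("NUL octet in command stream")
            return lines
        self.buf += chunk
        while not self.closed:
            end = self.buf.find(b"\r\n")
            if end < 0:
                if len(self.buf) > MAX_LINE:
                    self._close("no CRLF within %d octets" % MAX_LINE)
                break
            if end + 2 > MAX_LINE:
                self._close("command line over %d octets" % MAX_LINE)
                break
            lines.append(bytes(self.buf[:end]))
            del self.buf[:end + 2]
        return lines


def simulate_zero_stream(chunks=1000, chunk_size=4096):
    """Constructed input: the all-zero stream from the post, in 4 KiB chunks."""
    log, accepted = [], 0
    reader = BoundedSmtpReader(log)
    for _ in range(chunks):
        if reader.closed:
            break
        reader.feed(b"\x00" * chunk_size)
        accepted += chunk_size
    return accepted, log
```

With this reader the simulated stream is cut off after the first chunk and produces a single log line, instead of log files that grow for as long as the sender keeps the connection open.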