Vulnerability Development mailing list archives

Re: [kiss from Helisec] : testing sinn

From: John <johns () TAMPABAY RR COM>
Date: Sat, 17 Feb 2001 14:14:02 -0500

To my knowledge I thought Napatha was released on Jan. 27th 2001 by
Robert Keves. I saw it released on Packet Storm but, I did not see it on
Security Focus (or am I blind ;) ). Here is the description as follows
below.

naptha-1.1.tgz 5371 Jan 27 01:16:18 2001
Naptha v1.1 is a denial of service attack against many OS's which uses
established TCP connections to create a resource starvation attack. Includes
three tools - bogusarp makes a bogus entry in the router's arp cache so it
actually puts packets with our faked source address on the Ethernet,
synsend,
and srvr which replaces ackfin from Naptha 1.0. Tested against Windows 95,
98 and NT4 and more. Compiles on Linux 2.2.x, OpenBSD 2.7, FreeBSD 4.0.
Homepage: http://razor.bindview.com. By Robert Keyes

I have not tested this as I have not had the time to do so since the
release.

http://packetstorm.securify.com/0101-exploits/naptha-1.1.tgz
http://razor.bindview.com/
bkeyes () razor bindview com

----- Original Message -----
From: Helios Security (Helisec) <NIKEBOY () RETEMAIL ES>
To: <VULN-DEV () SECURITYFOCUS COM>
Sent: Saturday, February 17, 2001 11:40 AM
Subject: [kiss from Helisec] : testing sinn


: i have tried sinn between two machines of my network. this is what i got:
:
:
: my_host:/users/Personal/docs/naphta#./sinnd 10.0.0.1 10.0.0.2 21 eth0
:
: my_host:/users/Personal/docs/naphta# ./sinn 10.0.0.1 21 10.0.0.2 21 1000
: Creating 1000 connections
: 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27
28
: 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53
...
:
: my_host:/home$ ftp 10.0.0.2
: ftp: connect: Connection refused
: ftp>
:
: and the victim host didnt recover till i rebooted
:
: at first, i thought sinn and sinnd were working just fine, but after that
i
: tried not to run sinnd and repeat the attack with sinn, and got same
results.
: finally, i tried a little shell script that opened multiple connections to
: ftp port, and same results. so, nothing to do with sinn.
:
: we'll have to wait till naphta is released :)
:
: _kiss_

Current thread:

[kiss from Helisec] : testing sinn Helios Security (Helisec) (Feb 17)
- Re: [kiss from Helisec] : testing sinn John (Feb 17)
- Naptha's code finally released (was: Re: [kiss from Helisec] : testing sinn) Bruno Morisson (Feb 17)
  - Re: Naptha's code finally released (was: Re: [kiss from Helisec] : testing sinn) Simple Nomad (Feb 19)