ping -i (TTL) Vulnerability

[-No Strezzz Cazzz <Butterphly6 () cazzz demon nl>]

A funny (local and possibly remote too) bug in command.com.

If you set the -i option (TTL) to 0, in a ping, a funny bug gets triggered
that'll wh00p your CPU Usage to 100%. That is if you also set the -t option
(Ping the specified host until interrupted). Your command.com shell will get
flooded with "Bad option specified" messages. In example: a normal ping -t
would put your CPU usage to about 3%. When you're done (Ctrl-c) and you want
to close your command.com you'll get the following message: "This Windows
application cannot respond to the End Task request. It may be busy, waiting
for a response from you, or it may have stopped executing". This indicates
that its still busy on the background, I could not discover with what.

Try it:  C:\>ping -t 127.0.0.1 -i 0
That should do the trick.

This is tested from NT4 Workstation, Service Pack 4.

No doubt this bug should also be able to be triggered from a remote location
and cause panic on your network/servers. We're also pretty sure that this
bug should be able to cause way more hav0c. As matter of fact we're
performing tests as we speak. Care to help us out? Mail us your suggestions
at:

Special_Projects () cazzz demon nl  (The Lab)

Industrial_Strength () cazzz demon nl  (The Exploiters)

Another fine Planet Cazzz Production/Advisory, in assosiation with The
Nations Top. We cannot be held responsible for your actions, but you can
try. PCP/A #0002 (pr0ph).

We want to say hell0 to all the Crackers, the Hackers and the Phreax. We
want to say hell to all the people in this place. We want to say hell0 to
all the Sinners and 31337. We say hell0 to all the people in the world...



-No Strezzz Cazzz, Powered By UN0X =]

If TCP/IP is the Pavement, HTTP is Cazzzoline...