Re: ping -i (TTL) Vulnerability

[Damian Menscher <menscher () uiuc edu>]

On Wed, 21 Feb 2001, -No Strezzz Cazzz wrote:

> A funny (local and possibly remote too) bug in command.com.
>
> If you set the -i option (TTL) to 0, in a ping, a funny bug gets triggered
> that'll wh00p your CPU Usage to 100%. That is if you also set the -t option
> (Ping the specified host until interrupted). Your command.com shell will get
> flooded with "Bad option specified" messages. In example: a normal ping -t
> would put your CPU usage to about 3%. When you're done (Ctrl-c) and you want
> to close your command.com you'll get the following message: "This Windows
> application cannot respond to the End Task request. It may be busy, waiting
> for a response from you, or it may have stopped executing". This indicates
> that its still busy on the background, I could not discover with what.
>
> Try it:  C:\>ping -t 127.0.0.1 -i 0
> That should do the trick.
>
> This is tested from NT4 Workstation, Service Pack 4.

Just a basic ping-flood on yourself.  Yes, it raises load to 100%, but
stops as soon as you press ^C (NT4 SP6).

> No doubt this bug should also be able to be triggered from a remote location
> and cause panic on your network/servers. We're also pretty sure that this
> bug should be able to cause way more hav0c. As matter of fact we're
> performing tests as we speak. Care to help us out? Mail us your suggestions
> at:

No doubt that this would do absolutely nothing from a remote location.

[ silly gr33tz snipped ]

Damian Menscher
--
--==## Grad. student & Sys. Admin. @ U. Illinois at Urbana-Champaign ##==--
--==## <menscher () uiuc edu> www.uiuc.edu/~menscher/ Ofc:(217)333-0038 ##==--
--==## Physics Dept, 1110 W Green, Urbana IL 61801 Fax:(217)333-9819 ##==--