Re: ping -i (TTL) Vulnerability

["Leo R. Lundgren" <leo () FINALRESORT ORG>]

just as a sidenote (maybe irrelevant but whatever.. :), ping doesnt utilise
more than one cpu on for example an nt4 sp5, so even if itd b as tragic as
the initiators of this post suggests, it wouldnt b of much use on an SMP
(Symmetric Multi Processing, systems with > 1 CPU) server/system..

<!-- hide lame stuff from normally intelligent people
  reet greets goes to m0nark ;)
-->

_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
_/
_/  Leo R. Lundgren aka rAWTAZ
_/
_/  Web: http://www.finalresort.org - Enterprise site
_/  Web: http://reUnion.finalresort.org - reUnion 2001
_/
_/  E-mail: leo () finalresort org
_/  Cellular: +46 (0)70 26 75 619
_/
_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/>Hmm.
> While I get the 100% CPU, I have no problem stopping the task and closing
> the command prompt.
>
> Since ping -t is going to run as fast as it can, and since you're giving it
> invalid parameters such that it just runs again after failing, it makes
> sense that the CPU would go to 100% with the "-t" option specified.
>
> Try using ping -t host -r 0.  You'll get the same result.
>
> Cheers
> Jeff Oliver
> NetMeasure Technology Inc.
>
>
> -----Original Message-----
> From: -No Strezzz Cazzz [mailto:Butterphly6 () CAZZZ DEMON NL]
> Sent: February 20, 2001 8:25 PM
> To: VULN-DEV () SECURITYFOCUS COM
> Subject: ping -i (TTL) Vulnerability
>
>
> A funny (local and possibly remote too) bug in command.com.
>
> If you set the -i option (TTL) to 0, in a ping, a funny bug gets triggered
> that'll wh00p your CPU Usage to 100%. That is if you also set the -t option
> (Ping the specified host until interrupted). Your command.com shell will get
> flooded with "Bad option specified" messages. In example: a normal ping -t
> would put your CPU usage to about 3%. When you're done (Ctrl-c) and you want
> to close your command.com you'll get the following message: "This Windows
> application cannot respond to the End Task request. It may be busy, waiting
> for a response from you, or it may have stopped executing". This indicates
> that its still busy on the background, I could not discover with what.
>
> Try it:  C:\>ping -t 127.0.0.1 -i 0
> That should do the trick.
>
> This is tested from NT4 Workstation, Service Pack 4.
>
> No doubt this bug should also be able to be triggered from a remote location
> and cause panic on your network/servers. We're also pretty sure that this
> bug should be able to cause way more hav0c. As matter of fact we're
> performing tests as we speak. Care to help us out? Mail us your suggestions
> at:
>
> Special_Projects () cazzz demon nl  (The Lab)
>
> Industrial_Strength () cazzz demon nl  (The Exploiters)
>
> Another fine Planet Cazzz Production/Advisory, in assosiation with The
> Nations Top. We cannot be held responsible for your actions, but you can
> try. PCP/A #0002 (pr0ph).
>
> We want to say hell0 to all the Crackers, the Hackers and the Phreax. We
> want to say hell to all the people in this place. We want to say hell0 to
> all the Sinners and 31337. We say hell0 to all the people in the world...
>
>
>
> -No Strezzz Cazzz, Powered By UN0X =]
>
> If TCP/IP is the Pavement, HTTP is Cazzzoline...