Vulnerability Development mailing list archives

Re: ping-i (TTL) Vulnerability


From: -No Strezzz Cazzz <Butterphly6 () cazzz demon nl>
Date: Sat, 24 Feb 2001 19:18:47 -0000

On Thu, 22 Feb 2001, -No Strezzz Cazzz wrote:

On Wed, 21 Feb 2001 21:51:12 UTC, rpc said:


What you define below does not constitute a 'remote attack'. ping is
still executing locally. This is completely unrelated. I could just as
easily DoS the machine by creating 1e16 instances of minesweeper with
remote command execution.

I thought that when a bug could get triggered from a remote location the
bug itself is considered a remote-bug. In this case it's a remote as well
as a local bug. I want a p0ny...

You're completely missing rpc's point. You didn't win a pony, this is not a
bug. The -unicode- exploit is a bug, but being able to ping flood yourself
is certainly not. If this were the case then 'ping -f 127.0.0.1' would be a
bug under *Nix.

Difference is that ping -f on *Nix or ping -t on Windows won't make your CPU
go wild. When I use ping -t without the "-i 0" option my CPU
Usage is about 2%-3%. But if I ping -t with -i 0 my CPU Usage will be 100%.
Don't tell me this is normal behaviour for a processor. Also if it was true
what you said then why can't you put the -i option on 0 on Win 9x, ME, NT5?


The 'ping -i' thingie you found is nothing more than a plain-jane,
run-of-the-mill PING FLOOD. It's NORMAL. It's SUPPOSED to work this way. If
you want to throw packets at your own machine as fast as it possibly can,
then knock yourself and your machine out.

If it was normal it wouldn't generate the "Bad option specified" message.
Also the -i is the Time To Live option. When you put that on 0 it doesn't
"live", it never lived, it's dead. It also works if you put the -i option on
a letter instead of 0. But if you try any different number (256+) you'll get
the "Bad value for option -i" error. But you won't get flooded with it, you
only receive it once.

'ping -t 127.0.0.1 -i 0' is NOT a bug. It's called "Typical lUser not
bothering to RTFM".

I was too thrilled. Oh well, maybe I get a p0ny next Christmas.


-No Strezzz Cazzz, Powered By UN0X

