The OpenNET Project
 


portmap 4.0-8 DoS


X-RDate: Mon, 06 Apr 1998 10:08:16 +0600 (ESD)
Date: Wed, 1 Apr 1998 17:42:33 +0200
From: Michal Zalewski <[email protected]>
To: [email protected]
Subject: portmap 4.0-8 DoS

It's possible to perform a DoS attack by sending a small amount of junk to
TCP port 111 of a machine running portmap 4.0 (and older). A simple exploit
follows (only to send a few random 8-bit chars):

  telnet -E victim.com 111 </dev/random

It will affect specific operations/services on the attacked host, like login -
depending on system speed, a login attempt on an idle machine (LA=0.01, Linux
2.0.x, x86) will take from over 10 seconds (k6/200MHz) to long minutes
(486dx/80MHz). During the attack, many select() calls will fail (timeout),
so complex programs will become much slower (especially when resolving
domain names :), but LA will not change significantly.

Smarter attacks (without /dev/random) are probably much more effective.

-- Nergal, you didn't take offense, I suppose :?
_______________________________________________________________________
Michal Zalewski [[email protected]] <= finger for pub PGP key
To iterate is human, to recurse divine [P. Deutsch]
[echo "\$0&\$0">_;chmod +x _;./_] <=------=> [tel +48 (0) 22 813 25 86]
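For defenders triaging traffic like that described in the post above, this added example (not part of the original message, and not portmap's own code) classifies the first bytes a client sends to TCP port 111 as a well-formed ONC RPC call or as junk, using the RPC record mark and call header. The 8192-byte fragment limit, the rule that the first fragment must hold the whole call header, and the names `classify`, `make_call` and `CONSTRUCTED_JUNK` are assumptions made for the example.

```python
import struct

PMAP_PROG = 100000     # portmapper program number
RPC_VERSION = 2        # ONC RPC protocol version
MSG_CALL = 0           # msg_type of a call
HEADER_LEN = 24        # xid, msg_type, rpcvers, prog, vers, proc
MAX_FRAGMENT = 8192    # assumed local policy limit, not a protocol constant


def classify(stream: bytes) -> str:
    """Classify the first bytes a client sent to TCP port 111."""
    if len(stream) < 4:
        return "incomplete"
    (mark,) = struct.unpack(">I", stream[:4])
    length = mark & 0x7FFFFFFF            # low 31 bits: fragment length
    if length > MAX_FRAGMENT:
        return "junk: oversized fragment"
    if length < HEADER_LEN:
        # Assumption: the first fragment must hold the whole call header.
        return "junk: fragment too short for a call header"
    if len(stream) < 4 + HEADER_LEN:
        return "incomplete"
    _xid, mtype, rpcvers, prog, _vers, _proc = struct.unpack(
        ">6I", stream[4:4 + HEADER_LEN])
    if mtype != MSG_CALL or rpcvers != RPC_VERSION:
        return "junk: not an RPC v2 call"
    if prog != PMAP_PROG:
        return "junk: unexpected program number"
    return "rpc-call"


def make_call(rpcvers=RPC_VERSION, prog=PMAP_PROG) -> bytes:
    """Build a constructed PMAPPROC_DUMP call with empty AUTH_NONE cred/verf."""
    body = struct.pack(">10I", 0x1234, MSG_CALL, rpcvers, prog, 2, 4, 0, 0, 0, 0)
    return struct.pack(">I", 0x80000000 | len(body)) + body


# Constructed sample: arbitrary 8-bit bytes, as a non-RPC client would send.
CONSTRUCTED_JUNK = bytes.fromhex("9c41e7035ad211f0")

if __name__ == "__main__":
    for name, data in [("dump call", make_call()), ("junk", CONSTRUCTED_JUNK),
                       ("bad version", make_call(rpcvers=3))]:
        print(f"{name:12} -> {classify(data)}")
```

Connections that classify as junk on their first bytes can be logged or dropped at a proxy or filter in front of the service before they reach portmap.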
