[16253] in North American Network Operators' Group
No subject found in mail header
daemon@ATHENA.MIT.EDU (Gus Huber)
Thu Apr 16 16:51:51 1998
Date: Thu, 16 Apr 1998 15:15:19 -0500 (CDT)
From: Gus Huber <gus@pbx.org>
To: Kyle Cronan <kyle@pbx.org>
cc: nanog@merit.edu
In-Reply-To: <Pine.SUN.3.91.980416230629.14113v-100000@virgin.relcom.eu.net>
While reading threads on the list I'm cc'ing this message to, I thought of
a similar attack to smurf, that could be a problem based on SMURF attacks.
ICMP isn't the only services that can be potentialy exploited via his bug,
UDP could be a huge player too. For example those of you familiar with
SMB might be able to deduce what I am getting at. Just a little test I
did today.
dialin:> nmblookup -B broadcast.mydomain.com \* <hidden to protect the
innocent>
Well then I went to my packet loging facilities.
Since the class c that I send the broadcast was primarily windows machines
I got approximately 200 replys to this one udp packet. It seems to me
that this could be allmost as big of a player as smurf if executed
tactfuly. Some common UDP services can be fooled into sending back many
more packets than you send in, especialy on windows machines. I sent this
to this list in hopes it would be dealt with before widespread exploit of
it could take place.
Gus Huber <gus@pbx.org>
