[12892] in bugtraq
Re: FTP denial of service attack
daemon@ATHENA.MIT.EDU (antirez@INVECE.ORG)
Wed Dec 8 23:26:42 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <19991207191737.D774@nagash.suidshell.net>
Date: Tue, 7 Dec 1999 19:17:37 +0100
Reply-To: antirez@invece.org
From: antirez@INVECE.ORG
X-To: Darren Reed <avalon@COOMBS.ANU.EDU.AU>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <199912071229.XAA13996@cairo.anu.edu.au>; from
avalon@COOMBS.ANU.EDU.AU on Tue, Dec 07, 1999 at 11:29:56PM +1100
On Tue, Dec 07, 1999 at 11:29:56PM +1100, Darren Reed wrote:
> Who has more free file descriptors & network ports, you or the ftp server ?
Using raw sockets it's possible to simulate a lot of descriptors/open ports.
You just needs to drop outgoing RST in order to implement your
ftpd-dos-oriented TCP/IP micro-stack with a minimal memory requirement.
In a word: the attacker has more free file descriptors & network ports every
times the exploit just do a simple operation such USER/PASS authentication.
This isn't true only for this attack but for many others and results in the
ability to perform this kind of DoS against a very big server using little
resources.
antirez
