[12973] in bugtraq


Re: Local / Remote D.o.S Attack in War FTP Daemon 1.70

daemon@ATHENA.MIT.EDU (Tim)
Wed Dec 15 13:31:34 1999

Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Message-Id:  <4.2.1.19991215083255.017f8210@students.uiuc.edu>
Date:         Wed, 15 Dec 1999 09:16:01 -0600
Reply-To: Tim <yardley@UIUC.EDU>
From: Tim <yardley@UIUC.EDU>
X-To:         Ussr Labs <labs@USSRBACK.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <NCBBKFKDOLAGKIAPMILPGEHBCBAA.labs@ussrback.com>

Maybe I am missing something, but after looking at the ASM code that ussr
provided, it seems as if they are just doing a standard "connection
flood".  I see absolutely nothing significant or specific to WarFTPD
here.  The same type of attack would affect any number of FTP servers when
done from a fast enough link.  In other words, the good ole' hose + a tiny
fragment of code to actually send a username/pass is all that is needed to
duplicate this.

The only denial of service I see here is a "max connections" problem.  This
would be harder to combat if the attack came from random IPs... but that is
not the case in this instance.  So, did I miss something in this case?

/tmy

At 06:41 PM 12/14/1999, Ussr Labs wrote:
>Strange, nobody reports this problem, only you :(. The War FTP daemon stops
>responding when it receives lots of incoming connections; the program does not
>CRASH, it just stops responding.
>
>u n d e r g r o u n d  s e c u r i t y  s y s t e m s  r e s e a r c h
>http://www.ussrback.com
>
>
>
>-----Original Message-----
>From: Malartre [mailto:malartre@videotron.ca]
>Sent: Tuesday, December 14, 1999 8:46 PM
>To: Ussr Labs
>Cc: BUGTRAQ@SECURITYFOCUS.COM
>Subject: Re: Local / Remote D.o.S Attack in War FTP Daemon 1.70
>Vulnerability
>
>
>Ussr Labs wrote:
> >
> > Local / Remote D.o.S Attack in War FTP Daemon 1.70 Vulnerability
>
>I am personally not able to reproduce this on my computer. I was using
>the program on the same computer that war-ftpd is.
>
>It's a Pentium 200 with win95b, no firewalls, nothing special.
>
>My cable-modem connection was down during the use of the program, but
>this is because I was flooding myself.
>
>After a minute or two, I closed the program and my connection was back
>and War FTP was ok.
>Thank You
>--
>[Malartre][malartre@videotron.ca]


-- Diving into infinity my consciousness expands in inverse
    proportion to my distance from singularity

+--------  -------  ------  -----  ---- --- -- ------ --------+
|  Tim Yardley (yardley@uiuc.edu)	
|  http://www.students.uiuc.edu/~yardley/
+--------  -------  ------  -----  ---- --- -- ------ --------+
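
The "max connections" point in the reply above, as an added example that is not part of the original message or of War FTP Daemon: a replay of constructed connection events through a global session limit alone and then with a per-source limit added. The addresses, the limits (50 and 4) and the function names are assumptions chosen for illustration.

```python
from collections import Counter

# Constructed sample: one source (192.0.2.10) opens 60 sessions and never
# closes them; two ordinary clients connect afterwards.
EVENTS = [("192.0.2.10", "open")] * 60 + [
    ("198.51.100.7", "open"),
    ("203.0.113.25", "open"),
]

def admit(events, global_max, per_ip_max=None):
    """Replay connection events through an admission policy.

    Returns (accepted, rejected) Counters keyed by source address.
    per_ip_max=None models a server with only a global session limit.
    """
    active = Counter()  # currently open sessions per source
    accepted, rejected = Counter(), Counter()
    for ip, action in events:
        if action == "close":
            if active[ip] > 0:
                active[ip] -= 1
            continue
        over_global = sum(active.values()) >= global_max
        over_source = per_ip_max is not None and active[ip] >= per_ip_max
        if over_global or over_source:
            rejected[ip] += 1
        else:
            active[ip] += 1
            accepted[ip] += 1
    return accepted, rejected

def noisy_sources(rejected, threshold):
    """Sources whose rejected attempts reach threshold: candidates to block upstream."""
    return sorted(ip for ip, n in rejected.items() if n >= threshold)

if __name__ == "__main__":
    for label, cap in (("global only", None), ("global + per-source", 4)):
        acc, rej = admit(EVENTS, global_max=50, per_ip_max=cap)
        print(label, dict(acc), dict(rej), noisy_sources(rej, 10))
```

With only the global limit, the single source fills every slot and both ordinary clients are refused; with the per-source limit they are admitted and the flooding address stands out in the rejection counts.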
