[14832] in bugtraq


Re: Denial of service attack against tcpdump

daemon@ATHENA.MIT.EDU (Donald McLachlan)
Sun May 7 17:42:13 2000

Message-Id:  <200005071529.LAA13489@obelix.dgrc.crc.ca>
Date:         Sun, 7 May 2000 11:29:04 -0400
Reply-To: Donald McLachlan <don@MAINFRAME.DGRC.CRC.CA>
From: Donald McLachlan <don@MAINFRAME.DGRC.CRC.CA>
X-To:         BUGTRAQ@SECURITYFOCUS.COM, dr@DURSEC.COM
To: BUGTRAQ@SECURITYFOCUS.COM

It is not the -n option which defeats dnsloop.c, but the -q option.
Running:

	> tcpdump -n host XXX
	tcpdump: listening on hme0

and then from host XXX running dnsloop against that host:

	./dnsloop YYYY
	dnsloop.c by Hugo Breton (bretonh@pgci.ca)
	packet sent to host YYYY

tcpdump reports:

	11:23:33.553624 142.92.38.51.35520 > 142.92.38.223.53: 61094 A?

and is hung.  When they say quiet mode, that means with the -q option.
When run with the -q option, tcpdump reports:

	11:26:16.417969 XXX.35521 > YYYY.domain: udp 18 (DF)

and does not hang.  Problem is you lose most of the useful TCP decoding.
Note the lack of TCP flags, ack and window info.

	11:26:15.053723 YYYY.1022 > XXX.login: tcp 1 (DF)
	11:26:15.054333 XXX.login > YYYY.1022: tcp 1 (DF)

Don
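The hang above is what a decoder gets when it follows DNS name-compression pointers without a termination bound, which is what the name dnsloop.c suggests is happening (an assumption here; the post does not state the mechanism). As an added example, not tcpdump's code nor dnsloop.c, the decoder below requires every pointer to land strictly before the previous one, so a self-referencing pointer is rejected and the one-line summary degrades to a marker instead of spinning; the packet bytes are constructed for the example.

```python
import struct

class DnsDecodeError(ValueError):
    """Raised instead of looping or reading past the message."""

def decode_name(msg, offset):
    """Decode the compressed name at msg[offset] -> (dotted name, next offset).
    Each label advances pos and counts toward the 255-byte cap; each pointer
    must land strictly below 'floor', which then drops to that target, so a
    pointer chain can never cycle and decoding always terminates.
    """
    labels, total, pos, end, floor = [], 0, offset, None, len(msg)
    while True:
        if pos >= len(msg):
            raise DnsDecodeError("name runs past end of message")
        length = msg[pos]
        if length >= 0xC0:  # compression pointer, RFC 1035 section 4.1.4
            raw = msg[pos:pos + 2]
            if len(raw) < 2:
                raise DnsDecodeError("truncated pointer")
            target = struct.unpack("!H", raw)[0] & 0x3FFF
            end = pos + 2 if end is None else end  # resume after 1st pointer
            if target >= floor:
                raise DnsDecodeError("compression pointer loop")
            floor = pos = target
            continue
        if length >= 0x40:
            raise DnsDecodeError("reserved label type")
        if length == 0:
            return ".".join(labels) or ".", (pos + 1 if end is None else end)
        total += length + 1
        label = msg[pos + 1:pos + 1 + length]
        if total > 255 or len(label) < length:
            raise DnsDecodeError("name too long or truncated")
        labels.append(label.decode("ascii", "replace"))
        pos += 1 + length

def question_summary(msg):
    """One-line summary of the first question; returns a marker, never hangs."""
    try:
        name, off = decode_name(msg, 12)  # question follows the 12-byte header
    except DnsDecodeError as e:
        return "[|domain: %s]" % e
    qtype = struct.unpack("!H", msg[off:off + 2])[0] if off + 2 <= len(msg) else 0
    return "%s %s" % (name, "A?" if qtype == 1 else "type%d?" % qtype)

# Constructed packets: header (id, flags, qdcount=1, 0, 0, 0) plus a question.
HEADER = struct.pack("!HHHHHH", 0xEEA6, 0x0100, 1, 0, 0, 0)
GOOD = HEADER + b"\x03www\x07example\x03com\x00\x00\x01\x00\x01" + b"\xc0\x10"
LOOPING = HEADER + b"\xc0\x0c" + b"\x00\x01\x00\x01"  # name points at itself
```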
