[14861] in bugtraq


Re: Denial of service attack against tcpdump

daemon@ATHENA.MIT.EDU (Hugo.van.der.Kooij@CAIW.NL)
Wed May 10 20:40:55 2000

Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id:  <Pine.LNX.4.10.10005100108060.11972-100000@bastion.hugo.vanderkooij.org>
Date:         Wed, 10 May 2000 01:09:47 +0200
Reply-To: Hugo.van.der.Kooij@CAIW.NL
From: Hugo.van.der.Kooij@CAIW.NL
X-To:         bretonh@PARANOIA.PGCI.CA
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <Pine.SOL.4.10.10005021942380.2077-100000@paranoia.pgci.ca>

On Tue, 2 May 2000 bretonh@PARANOIA.PGCI.CA wrote:

> There is a way to disable tcpdump running on a remote host.  By sending a
> carefully crafted UDP packet on the network which tcpdump monitors, it is
> possible, under certain circumstances, to make tcpdump fall into an infinite
> loop.

Could it be that iptraf suffers a similar weakness? (Or even worse?)

I noticed that iptraf dies on me too often during network tests.

Hugo.

--
Hugo van der Kooij; Oranje Nassaustraat 16; 3155 VJ  Maasland
hvdkooij@caiw.nl	http://home.kabelfoon.nl/~hvdkooij/
--------------------------------------------------------------
Quoting this tagline is illegal! (http://www.dtcc.edu/cs/rfc1855.html)
