[4147] in bugtraq
Re: Lynx/MSIE denial-of-service
daemon@ATHENA.MIT.EDU (Christopher Blizzard)
Tue Mar 11 01:57:50 1997
Date: Mon, 10 Mar 1997 23:29:34 -0500
Reply-To: Christopher Blizzard <blizzard@APPLIEDTHEORY.COM>
From: Christopher Blizzard <blizzard@APPLIEDTHEORY.COM>
X-To: Doctor Who <drwho@L0PHT.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: Your message of "Mon, 10 Mar 1997 15:05:20 EST."
<Pine.BSI.3.95.970310144258.7182A-100000@l0pht.com>
In message <Pine.BSI.3.95.970310144258.7182A-100000@l0pht.com>, Doctor Who writ
es:
:Many systems run a service called "chargen" on port 19. It simply
:generates a never-ending stream of characters.
:
:If an MSIE or Lynx user connects to a chargen, the browser will act as
:though viewing a file of infinite length. This has caused a modem
:connection to drop using MSIE, and slowed a Linux system using lynx to a
:crawl due to exhaustion of memory. Both processes were aborted before any
:further damage was caused.
:
:A URL such as http://localhost:19 could cause the "flooding" damage to a
:system running lynx and chargen to occur almost instantly, because the
:characters would of course come at a much higher speed.
:
:Netscape Navigator disallows access to port 19. This is probably the best,
:easiest fix to this problem. Further work should be done to figure out
:what other services could cause problems.
:
:The CHARGEN service has other security implications and should be turned
:off in normal system operation.
:
You can also create a serios DOS attack when this is combined with a proxy
server. Using the URL:
http://some.proxy.host/http://some.host.on.the.local.lan:19/
can bring some machines to a screaming halt.
--Chris
------------
Christopher Blizzard
AppliedTheory Communications, Inc.
blizzard@appliedtheory.com
------------
