[7384] in bugtraq
Re: Annex DoS
daemon@ATHENA.MIT.EDU (Matt Carter)
Sun Jul 26 14:04:53 1998
Date: Sun, 26 Jul 1998 18:45:44 +1000
Reply-To: Matt Carter <matt@saratoga.its.bond.edu.au>
From: Matt Carter <matt@SARATOGA.ITS.BOND.EDU.AU>
X-To: Albert Nubdy <formatez@EDUREDES.EDU.DO>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.LNX.3.96.980725200936.6869A-100000@eduredes.edu.do>
i made a post about some time ago. a simple 'strobe' will bring a bay
terminal server crashing to it's knees. i notified bay years ago ..
hell lets go something even simpler. 1 x 32k ping packet ever second at a
annex will crush it. so, maybe you have something a bit beefier (i'm
looking at micro annex els) fire 2 x 32k packets. gee that was difficult.
admittedly, i haven't been up to date on the bay annex stuff, so maybe
they fixed it.. but i never eever heard anything back from them so..
On Sat, 25 Jul 1998, Albert Nubdy wrote:
> From: Albert Nubdy <formatez@EDUREDES.EDU.DO>
> To: BUGTRAQ@NETSPACE.ORG
> Date: Sat, 25 Jul 1998 20:10:21 -0400
> Subject: [BUGTRAQ] Annex DoS
> Message-ID: <Pine.LNX.3.96.980725200936.6869A-100000@eduredes.edu.do>
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> Redes2 Security Team
> --------------------
> .DO Underground
>
>
> PROBLEM
> =======
>
> We have found serveral DoS attacks agaisnt Annex terminal servers
> from
> xylogics(bay).
>
>
> DETAILS
> =======
>
> The first attack is about the ping program on the webserver. They
> designed the /ping program to take only 64 chars in the hostname part.
> They avoided from ppl to insert more than 64 by limiting it in the
> page on
> the webserver (/ping.html). But if you do a :
> http://annex.server.here/ping?query=a lot of aaaaaa's here(more than
> 64)
> then annex server goes BOOM!.
>
> The second attack is with the land attack. Maybe when they tried the
> land attack on the annex servers they thought it didn't work. But it
> does... The problem is that when you do 1 land attack the CPU only
> rises a
> 50 percent. Now if you do 2 land attacks consecutively then the annex
> server freezes because the CPU rises to 100%. I didn't make any
> programs
> for this because you only have to do a shell script that executes your
> land program at least two or three times.
>
> FIX
> ===
>
> We notified Bay a month ago. They have not responded yet.
>
>
> Credits:
> wh0is, speed1, lizard.
>
> ========================================|
> Albert Nubdy | formatez@eduredes.edu.do |
> FormateZ@undernet |
> - ----------------------------------------|
> -----BEGIN PGP SIGNATURE-----
> Version: PGPfreeware 5.5.3i for non-commercial use <http://www.pgpi.com>
>
> iQA/AwUBNbqefVRmALifgPyqEQIvLACeOPojXC2FqVgsO688XIBGINVNEDMAnR5r
> WpUM+RDMkvaCMEmMkzqVNt5h
> =HPOk
> -----END PGP SIGNATURE-----
>
--
Matt Carter | Systems Management Group
Email: matt@bond.edu.au | Bond University
Phone: +61 7 5595 1423 | University Drive
Fax: +61 7 5595 1456 | Robina, QLD 4226
