[8459] in bugtraq
Re: various *lame* DoS attacks
daemon@ATHENA.MIT.EDU (puppet)
Mon Nov 9 14:42:49 1998
Date: Sat, 7 Nov 1998 22:22:35 GMT
Reply-To: puppet@earthling.net
From: puppet <puppet@DYNAMSOL.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199811060910.EAA02537@netspace.org>
On Fri, 6 Nov 1998 01:46:17 -0600, you wrote:
The problem with a timeout not shutting down the port was fixed almost a
month ago. Spoofing is always a problem, that is why the script was
written such that channel takeovers are not possible.
puppet
>2) CPU DoS against NukeNabber (NT only?)
>
>I haven't tested this on anything other than Windows NT 4.0 SP3
>(Workstation & Server)
>
>How it works:
>
>NukeNabber listens on several ports for connections. You can configure it
>to listen on any port, but the standards are 1080, etc.
>If you telnet to the port of a machine that NukeNabber is listening on,
>NukeNabber apparently spawns a process called Report.exe. This process
>lasts anywhere from 30-90 seconds, and consumes ~100% CPU. The problem
>with this is fairly obvious. (note: when connecting to a port that
>NukeNabber is listening on, it's important that you don't type anything.
>Just let the connection sit and time out.)
>
>Fix:
>
>Unsure
>
>Has the author been notified?
>
>Yes, about 6 weeks ago. I received no reply.
>
>
>While we're on the subject of NukeNabber, I'll point something else out.
>NukeNabber has a nifty feature that establishes a DDE link with an IRC
>client. (mIRC or pirch) There are scripts written for both clients that
>have the option to kick/ban any host found to be "nuking" from all the
>channels that you're oped in, and can also /ignore them. This can become
>interesting when someone has a version of WinNuke that can spoof a source
>IP. If a person has the kick/ban/ignore feature active, you can turn them
>against the people in their channels quite easily. Again, lots of fun to
>be had here. (I believe the only "nuke" that NukeNabber listens for is a
>WinNuke.)
---
Get NukeNabber 2.9a & The Cleaner 1.9d @ http://www.dynamsol.com/puppet/
Read the NN FAQ @ http://www.dynamsol.com/puppet/faqs/nnfaq.html
PGP Key ID: B4066BF1 Fingerprint: FF3E 9A24 E08C 69BB C318 F702 FBCF 3DC4 B406 6BF1
