[9253] in bugtraq


Re: Win98 Crash?

daemon@ATHENA.MIT.EDU (Vanja Hrustic)
Wed Jan 27 13:31:43 1999

Date: 	Wed, 27 Jan 1999 04:08:22 +0700
Reply-To: Vanja Hrustic <vanja@SIAMRELAY.COM>
From: Vanja Hrustic <vanja@SIAMRELAY.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <19990125143154.D3004@freek.com>

At 14:31 25/01/99 -0500, dorqus maximus wrote:
>This oshare.c code may have crashed our Checkpoint Firewall-1, version 3.0b,
>Build Number: 3083. (Sun Sparc, Solaris 2.5.1)

[snip]

Little modification in the source. For example...

----------------------------------------------
ip->ihl         = 22;
ip->frag_off    = htons( -16383 );
----------------------------------------------

Compile, and send heaps of packets ('./oshare x.x.x.x 300' for example) to
a local Windows 98/NT box. It should freeze (literally) while packets are
travelling. It recovers after the 'attack' is finished (shouldn't be a big
problem to leave a process in the background that will send packets forever).

This was tested against Windows 98 and Windows NT 4.0 ( 2 Workstations and
1 Server - all with SP4 applied, no post SP4 hotfixes).

*Please*, don't mail me with "It didn't work for me!" - that's why I post
it here, so people can test & make summaries. Play around with source, you
can get interesting effects (and responses from router :). Don't try to
flood NT boxes outside internal network - packets won't get out (they
didn't for me - others could have different results).

It will also affect HP-UX (tested against 10.20), but I didn't get more
than a "jumping mouse" effect. Load is higher, but the machine is functional.

Linux (2.0.36 and 2.2.0-pre4) was not affected.

(final note: program was compiled and 'initiated' on linux box w/
2.2.0-pre4 kernel)

Regards,
Vanja Hrustic
Information Systems Manager
Siam Relay Ltd.
Phone: +662-713-5130
Fax  : +662-713-5132

http://www.siamrelay.com - Siam Relay Ltd. - Security & E-Commerce
http://safer.siamrelay.com - Security Alert For Enterprise Resources
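
Added example, not part of the original post or of oshare.c: a receive-side sanity check for the two header fields the post changes. In Linux's struct iphdr `ihl` is a 4-bit field, so 22 is stored as 6, and `htons(-16383)` puts 0xC001 in the flags/offset field (reserved bit and DF set, fragment offset 1). The function name, anomaly bits and sample headers below are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Anomaly bits returned by ipv4_hdr_check(); names are this example's own. */
enum {
    HDR_TRUNCATED   = 1 << 0, /* fewer than 20 bytes captured */
    HDR_BAD_VERSION = 1 << 1, /* version field is not 4 */
    HDR_BAD_IHL     = 1 << 2, /* IHL < 5, or header longer than packet/capture */
    HDR_RESERVED    = 1 << 3, /* reserved flag bit (0x8000) is set */
    HDR_DF_FRAGMENT = 1 << 4  /* DF set together with MF or a nonzero offset */
};

/* Constructed sample headers (not captured traffic), 20 bytes each. */
static const uint8_t sample_odd[20] = {   /* IHL 6, frag field 0xC001 */
    0x46, 0, 0, 20, 0x12, 0x34, 0xC0, 0x01, 64, 17, 0, 0,
    192, 0, 2, 1, 192, 0, 2, 2 };
static const uint8_t sample_ok[20] = {    /* IHL 5, DF only */
    0x45, 0, 0, 20, 0x12, 0x34, 0x40, 0x00, 64, 17, 0, 0,
    192, 0, 2, 1, 192, 0, 2, 2 };

/* Sanity-check the fixed IPv4 header fields before any further parsing. */
unsigned ipv4_hdr_check(const uint8_t *p, size_t caplen)
{
    unsigned bad = 0;
    if (caplen < 20)
        return HDR_TRUNCATED;

    size_t   hdr_len = (size_t)(p[0] & 0x0F) * 4;      /* IHL is in 32-bit words */
    size_t   tot_len = ((size_t)p[2] << 8) | p[3];
    unsigned frag    = ((unsigned)p[6] << 8) | p[7];   /* flags + offset */

    if ((p[0] >> 4) != 4)
        bad |= HDR_BAD_VERSION;
    if (hdr_len < 20 || hdr_len > tot_len || hdr_len > caplen)
        bad |= HDR_BAD_IHL;
    if (frag & 0x8000)
        bad |= HDR_RESERVED;
    if ((frag & 0x4000) && (frag & 0x3FFF))
        bad |= HDR_DF_FRAGMENT;
    return bad;
}

int main(void)
{
    printf("odd: 0x%02x\n", ipv4_hdr_check(sample_odd, sizeof sample_odd));
    printf("ok:  0x%02x\n", ipv4_hdr_check(sample_ok, sizeof sample_ok));
    return 0;
}
```

A filter or IDS rule built on the same checks can drop or log such headers before they reach a fragile IP stack.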
