[2586] in bugtraq
Re: Denial of Service Attacks INFO
daemon@ATHENA.MIT.EDU (Fred Cohen)
Thu May 23 02:38:01 1996
Date: Wed, 22 May 1996 14:57:43 -0400
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Fred Cohen <fc@all.net>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: <199605221049.GAA04444@Collatz.McRCIM.McGill.EDU> from "der
Mouse" at May 22, 96 06:49:52 am
> > UDP Bomb - By sending a UDP packet with incorrect information in the
> > header, some Sun-OS 4.1.3 Unix boxes will panic and then reboot.
>
> Anyone willing to say _what_ this magic incorrect information is? I'd
> much rather not have to take the time to grab the patch, uncompile both
> it and the file(s) it replaces, and try to figure it out from there.
For example:
from-IP=127.0.0.1
to-IP=target
Packet type: UDP
from UDP port 7 (echo)
to UDP port 7 (echo)
UDP port echos the packet to localhost which echoes the packet to localhost, ...
infinite loop - resource exhaustion - ...
Similar things work on systat, daytime, time, and other UDP services
that return results to the source of the inbound packet and don't depend
on packet content.
To get 2 hosts with one packet:
from-IP= target 1
to-IP=target 2
they bounce the packets back and forth between each other.
Add source routing to absorb bandwidth to more intermediate sites along
the way. Add high priority, etc. to make it even more abusive.
By the way - a common Web cashing server now uses UDP port 7 packets to
check for changed files, so any server that supports this cache scheme
is also susceptible to these attacks.
-> See: Info-Sec Heaven at URL http://all.net/
Management Analytics - 330-686-0090 - PO Box 1480, Hudson, OH 44236
