|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Marc Ruef (marc.ruef_at_computec.ch)
Date: Mon Jul 17 2000 - 15:25:37 CDT
Hi!
I've send you "Trend Micro Officescan Denial of Service" (TMOSDOS for
Windows; compiled win32-exe and the Visual Basic source) which is an
optimized tool for the issue explained on
http://online.securityfocus.com/bid/1013
All advisories describe that a denial of service attack is possible
during sending random data or open more than five connections to the
target port. TMOSDOS opens just one tcp connection, sends just seven
characters ("get / ") to the target and closes after a few seconds the
connection: Thats more effective than the old methods. It seems that
there is an third argument needed to proceed the get-request correctly.
Other seven character requests (e.g. "1234567") don't cause a denial of
service.
Most Intrusion Detection Systems are not able to detect this attack
correctly: They point always to BackOrific because the destination port
is often tcp/12345.
Bye, Marc
-- Computer, Technik & Security http://www.computec.ch
- application/x-zip-compressed attachment: tmosdos.zip
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]