Subject: Re: Win2k and /dev/zero
From: Pete Philips (peteS3.INTEGRALIS.CO.UK)
Date: Thu Jul 06 2000 - 04:07:56 CDT


Pete Philips wrote:
>
> Anyone tried the Firewall-1 variation?
>
> > Sending a stream of binary zeros over the network to the SMTP port on the firewall
> > raises the target system's load to 100% while the load on the attacker's
> > system machine remains relatively low. This can easily be reproduced from
> > a Linux system using netcat with an input of /dev/zero, with a command such as
> > "nc firewall 25 < /dev/zero".

Replying to my own message... I found some further information
over on the Firewall-1 mailing list:

"Olaf Selke" <Olaf.SelkemediaWays.net> wrote:
> I can confirm this DOS for 4.1 SP1+Hotfix (Build 41603) and 4.0 SP6
> (Build 4156), both on Solaris. Obviously $FWDIR/log/asmtpd.elg
> respectively $FWDIR/log/asmtpd.log are growing like hell with many
> MB each minute during such an attack. Maybe all cpu cycles are eaten up
> by in.asmtpd for logging. Don't know if it's possible to disable this.

Pete.

 ---------------------------------------------------------------
| Pete Philips \|/ |
| Integralis S3 Team O |
| E-mail: pete.philipsintegralis.co.uk |
| Phone: +44 118 930 6060 |
| PGP Key: http://www.s3.integralis.co.uk/pgp/pete.pgp |
 ---------------------------------------------------------------
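
The thread above describes two effects: a listener that keeps consuming an endless stream of zero bytes, and log files that grow by many MB per minute while it does. The following is an added example, not part of the original posts and not Check Point code. It sketches a per-connection guard for the SMTP command phase that drops such a client after a few violations and caps the log entries one connection can cause; the class, function, and threshold names are hypothetical, and the zero stream is constructed sample input.

```python
MAX_LINE = 512         # RFC 5321 limit for a command line, CRLF included
MAX_BAD = 3            # assumption: violations tolerated before dropping
MAX_LOG_PER_CONN = 2   # assumption: log entries one connection may cause
ZERO_STREAM = [b"\x00" * 4096] * 1000  # constructed: recv() chunks of zeros


class SmtpCommandGuard:
    """Per-connection filter for the SMTP command phase (hypothetical)."""
    def __init__(self, log):
        self.log = log     # list standing in for the daemon's log file
        self.buf = bytearray()
        self.bad, self.dropped = 0, False

    def _violation(self, reason):
        self.bad += 1
        if self.bad <= MAX_LOG_PER_CONN:    # bound log growth per client
            self.log.append(reason)
        self.dropped = self.bad >= MAX_BAD  # caller then closes the socket

    def feed(self, data):
        """Take one recv() chunk; return the valid command lines in it."""
        lines = []
        if not self.dropped:
            self.buf += data
        while not self.dropped:
            end = self.buf.find(b"\r\n")
            if end == -1:
                if len(self.buf) > MAX_LINE:   # no CRLF within the limit
                    self.buf.clear()
                    self._violation("no CRLF within %d bytes" % MAX_LINE)
                break
            line, self.buf = bytes(self.buf[:end]), self.buf[end + 2:]
            if end + 2 > MAX_LINE:
                self._violation("command line too long")
            elif b"\x00" in line:
                self._violation("NUL byte in command")
            else:
                lines.append(line)
        return lines


def run(chunks):
    """Feed chunks until dropped; return (lines, chunks_read, log)."""
    guard, lines, read = SmtpCommandGuard([]), [], 0
    for chunk in chunks:
        if guard.dropped:
            break
        read += 1
        lines += guard.feed(chunk)
    return lines, read, guard.log
```

Calling `run(ZERO_STREAM)` stops after three chunks with two log entries, regardless of how long the sender keeps transmitting.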