It's possible to perform a DoS attack by sending a small amount of junk to tcp port 111 of a machine running portmap 4.0 (and older). Simple exploit follows (only to send a few random 8-bit chars):

telnet -E victim.com 111 </dev/random

It will affect specific operations/services on the attacked host, like login - depending on system speed, a login attempt on an idle machine (LA=0.01, Linux 2.0.x, x86) will take from over 10 seconds (k6/200MHz) to long minutes (486dx/80MHz). During the attack, many select() calls will fail (timeout), so complex programs will become much slower (especially when resolving domain names :), but LA will not change significantly. Smarter attacks (without /dev/random) are probably much more effective.

-- Nergal, you didn't take offense, I hope :?

_______________________________________________________________________
Michal Zalewski [lcamtufat_private] <= finger for pub PGP key
To iterate is human, to recurse divine [P. Deutsch]
[echo "\$0&\$0">_;chmod +x _;./_] <=------=> [tel +48 (0) 22 813 25 86]
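The post describes junk arriving on tcp/111 that is not a valid RPC call. A defender looking for this in connection captures can apply the same structural check the portmapper itself relies on: a TCP stream to the portmapper should open with an ONC RPC record mark (RFC 5531) followed by a CALL header for program 100000. The following is an added example, not code from the post or from portmap; it classifies the opening bytes of constructed sample streams per source address and flags sources whose streams repeatedly fail that check. MAX_FRAGMENT, the junk threshold and the sample addresses are assumptions chosen for the example.

```python
import struct
from collections import defaultdict

# Program number of the portmapper itself (RFC 1833); a client talking to
# port 111 should be calling this program.
PORTMAP_PROG = 100000
# Assumed sanity ceiling on a single RPC record fragment; real portmap
# calls are a few dozen bytes, so anything near this is not a normal call.
MAX_FRAGMENT = 1 << 16


def looks_like_rpc_call(payload: bytes) -> bool:
    """Return True if the first bytes of a TCP stream to port 111 form a
    plausible ONC RPC CALL: a record mark (RFC 5531 section 11) followed by
    xid, msg_type=0 (CALL), rpcvers=2 and the portmapper program number."""
    # record mark (4) + xid (4) + msg_type (4) + rpcvers (4) + prog (4) + vers (4)
    if len(payload) < 24:
        return False
    mark, _xid, msg_type, rpcvers, prog, _vers = struct.unpack("!IIIIII", payload[:24])
    frag_len = mark & 0x7FFFFFFF  # high bit is the last-fragment flag
    if frag_len < 20 or frag_len > MAX_FRAGMENT:
        return False
    return msg_type == 0 and rpcvers == 2 and prog == PORTMAP_PROG


def build_null_call(xid: int, prog: int = PORTMAP_PROG, vers: int = 2) -> bytes:
    """Constructed sample: a well-formed RPC NULL (proc 0) call with AUTH_NULL
    credential and verifier, framed as a single last fragment."""
    body = struct.pack("!IIIIII", xid, 0, 2, prog, vers, 0)  # xid, CALL, rpcvers, prog, vers, proc
    body += struct.pack("!IIII", 0, 0, 0, 0)                 # cred AUTH_NULL/len 0, verf AUTH_NULL/len 0
    return struct.pack("!I", 0x80000000 | len(body)) + body


def classify_sources(records):
    """records: iterable of (src_ip, first_payload_bytes) for TCP streams to
    port 111. Returns {src: {"valid": n, "junk": m}}."""
    counts = defaultdict(lambda: {"valid": 0, "junk": 0})
    for src, payload in records:
        key = "valid" if looks_like_rpc_call(payload) else "junk"
        counts[src][key] += 1
    return dict(counts)


def suspicious_sources(records, junk_threshold: int = 3):
    """Sources that opened at least `junk_threshold` streams to port 111 whose
    opening bytes were not a plausible RPC call."""
    counts = classify_sources(records)
    return sorted(src for src, c in counts.items() if c["junk"] >= junk_threshold)


# Constructed sample data (not captured traffic); addresses are made up.
SAMPLE_RECORDS = [
    ("10.0.0.5", build_null_call(0x1001)),                    # well-formed client call
    ("10.0.0.5", build_null_call(0x1002)),
    ("10.0.0.9", b"\xe3\x91\x07\x5c\x2a\xff\x18\xb0" * 4),     # random-looking bytes, absurd record mark
    ("10.0.0.9", b"\r\n"),                                     # too short to be a call
    ("10.0.0.9", b"\x80\x00\x00\x28" + b"\x00" * 4             # sane record mark, but msg_type=1 (REPLY)
                 + b"\x00\x00\x00\x01" + b"\x00" * 28),
    ("10.0.0.9", b"\xe3\x91\x07\x5c\x2a\xff\x18\xb0" * 4),
]

if __name__ == "__main__":
    for src, c in classify_sources(SAMPLE_RECORDS).items():
        print(src, c)
    print("suspicious:", suspicious_sources(SAMPLE_RECORDS))
```

The check is deliberately cheap: it only reads the first 24 bytes of each stream, which is enough to separate well-formed portmapper calls from arbitrary input, so it can run over a large capture without decoding full RPC messages. Feed it (source, first-bytes) pairs pulled from a capture tool and tune the threshold to the normal rate of short, malformed connections your hosts see.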
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:47:52 PDT