Re: Local / Remote D.o.S Attack in War FTP Daemon 1.70

From: Tim (yardleyat_private)
Date: Wed Dec 15 1999 - 07:16:01 PST


    Maybe I am missing something, but after looking at the ASM code that ussr
    provided, it seems as if they are just doing a standard "connection
    flood".  I see absolutely nothing significant or specific to WarFTPD
    here.  The same type of attack would affect any number of FTP servers when
    done from a fast enough link.  In other words, the good ole' hose + a tiny
    fragment of code to actually send a username/pass is all that is needed to
    duplicate this.
    
    The only denial of service I see here is a "max connections" problem.  This
    would be harder to combat if the attack came from random IPs... but that is
    not the case in this instance.  So, did I miss something in this case?
    
    /tmy
    
    At 06:41 PM 12/14/1999, Ussr Labs wrote:
    >Strange, nobody reported this problem, only you :(. The War FTP daemon stops
    >responding when it receives lots of incoming connections; the program does
    >not CRASH, it just stops responding.
    >
    >u n d e r g r o u n d  s e c u r i t y  s y s t e m s  r e s e a r c h
    >http://www.ussrback.com
    >
    >
    >
    >-----Original Message-----
    >From: Malartre [mailto:malartreat_private]
    >Sent: Tuesday, December 14, 1999 8:46 PM
    >To: Ussr Labs
    >Cc: BUGTRAQat_private
    >Subject: Re: Local / Remote D.o.S Attack in War FTP Daemon 1.70
    >Vulnerability
    >
    >
    >Ussr Labs wrote:
    > >
    > > Local / Remote D.o.S Attack in War FTP Daemon 1.70 Vulnerability
    >
    >I am personally not able to reproduce this on my computer. I was using
    >the program on the same computer that war-ftpd is.
    >
    >It's a Pentium 200 with win95b, no firewalls, nothing special.
    >
    >My cable-modem connection was down during the use of the program, but
    >this is because I was flooding myself.
    >
    >After a minute or two, I closed the program and my connection was back
    >and War FTP was ok.
    >Thank You
    >--
    >[Malartre][malartreat_private]
    
    
    -- Diving into infinity my consciousness expands in inverse
        proportion to my distance from singularity
    
    +--------  -------  ------  -----  ---- --- -- ------ --------+
    |  Tim Yardley (yardleyat_private)	
    |  http://www.students.uiuc.edu/~yardley/
    +--------  -------  ------  -----  ---- --- -- ------ --------+
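
Added example, not part of the original message or of War FTP Daemon: a small simulation of the "max connections" point made above, showing that a per-source cap keeps one flooding address from filling the server-wide limit, and that the same cap does not help when connections come from many addresses. The class, the caps (50 total, 5 per IP) and all addresses are assumptions constructed for illustration.

```python
from collections import Counter


class ConnectionGate:
    """Admission control for a listener: a global cap plus a per-source cap."""

    def __init__(self, max_total, max_per_ip):
        self.max_total = max_total
        self.max_per_ip = max_per_ip
        self.active = Counter()  # source IP -> connections currently open

    def admit(self, ip):
        """Record and accept the connection only if both caps allow it."""
        if sum(self.active.values()) >= self.max_total:
            return False  # server-wide "max connections" reached
        if self.active[ip] >= self.max_per_ip:
            return False  # this one source already holds its share
        self.active[ip] += 1
        return True

    def release(self, ip):
        """Call when a connection from ip closes."""
        if self.active[ip] > 0:
            self.active[ip] -= 1


def simulate(max_total, max_per_ip, sources, legit_ip):
    """Each entry in sources opens one connection and holds it open; then a
    legitimate client tries to connect. Returns (held_open, legit_admitted)."""
    gate = ConnectionGate(max_total, max_per_ip)
    held_open = sum(gate.admit(ip) for ip in sources)
    return held_open, gate.admit(legit_ip)


# Constructed sample input (documentation/private ranges, not real hosts).
ONE_SOURCE = ["192.0.2.10"] * 500
MANY_SOURCES = ["10.0.%d.%d" % (i // 250, i % 250 + 1) for i in range(500)]
LEGIT = "198.51.100.7"

if __name__ == "__main__":
    print("global cap only, one source:", simulate(50, 50, ONE_SOURCE, LEGIT))
    print("per-IP cap, one source:     ", simulate(50, 5, ONE_SOURCE, LEGIT))
    print("per-IP cap, many sources:   ", simulate(50, 5, MANY_SOURCES, LEGIT))
```

With only the global cap the single source holds every slot and the legitimate client is refused; with the per-IP cap it holds 5 and the client gets in; spread across many sources the slots fill again, which is the harder case the message refers to.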
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:21:10 PDT