We develop a code baseline to test the UPNP DOS. The dos consists in sending a udp packet to port 1900 with a NOTIFY request. This request has a URL that XP uses to open a tcp connection. The XP does not sanitize this request so whatever URL and port could be specified. Once the tcp connection is opened, a chargen code fills the XP memory and the machine gets into an unstable state with a 100% of cpu utilization. Gabriel Maggiotti, Fernando Oubiņa <<chargen.c>> <<upnp_udp.c>>
This archive was generated by hypermail 2b30 : Wed Jan 09 2002 - 20:15:12 PST