UPNP Denial of Service

From: Gabriel Maggiotti (gmaggiottiat_private)
Date: Wed Jan 09 2002 - 05:56:51 PST

Next message: D. J. Bernstein: "Re: Announcing a new DNS server implementation"

Previous message: Scott Dier: "Re: myvoicestream.com vulnerability"
Next in thread: Patrick Chambet: "Re: UPNP Denial of Service"
Reply: Patrick Chambet: "Re: UPNP Denial of Service"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

We develop a code baseline to test the UPNP DOS. The dos consists in
sending a udp packet to port 1900 with a NOTIFY request. This request
has a URL that XP uses to open a tcp connection. The XP does not
sanitize this request so whatever URL and port could be specified. Once
the tcp connection is opened, a chargen code fills the XP memory and the
machine gets into an unstable state with a 100% of cpu utilization. 
Gabriel Maggiotti, Fernando Oubiña

 <<chargen.c>>  <<upnp_udp.c>>

application/octet-stream attachment: chargen.c

application/octet-stream attachment: upnp_udp.c

Next message: D. J. Bernstein: "Re: Announcing a new DNS server implementation"
Previous message: Scott Dier: "Re: myvoicestream.com vulnerability"
Next in thread: Patrick Chambet: "Re: UPNP Denial of Service"
Reply: Patrick Chambet: "Re: UPNP Denial of Service"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Jan 09 2002 - 20:15:12 PST