Date: Sat, 22 Jan 2000 00:42:08 -0600 (CST)
From: Gene Harris <zeus@tetronsoftware.com>
To: Matthew Dillon <dillon@apollo.backplane.com>
Cc: freebsd-security@freebsd.org, Brett Glass <brett@lariat.org>
Subject: Follow Up to NT DoS w/stream
Message-ID: <Pine.BSF.4.10.10001220019130.5546-100000@tetron02.tetronsoftware.com>

Matt,

Sorry I didn't answer your earlier query about an NT attack across a T3 using streams. Had a dinner date with a lovely girl. I did not attempt to monitor packet activity at the attack machine (BSDI OS).

However, we brought a new NT machine online to our local 100 MBit network, with SP6a (I couldn't find my SP4 files and didn't feel like downloading them.) We proceeded to attack the NT Server from a Redhat Linux 6.1 box and a FreeBSD 3.4 stable box on our local 10.0.0.0/8 network with stream.c using random ports. We used the command

./stream 10.0.0.2 0 0 10000

from each *nix box. The system showed no discernible slowdown, running IIS. (However, the process monitor registered CPU activity between 26 and 34%.) I also ran a Back Office 2.5 install across the same network, from a CD on a nearby Win98 machine to simulate directed activity from the NT Server to a client. Other than some slowness due to the high network loads, the NT box did not appear to be bothered. I ran this test for about 2 hours while we were at dinner.

I then played around, using the FreeBSD box to launch an attack with the command

./stream 10.255.255.255 0 0 10000

Oh WOW! The network came to a screeching halt. An old 100 MHz Pentium laptop stopped responding, and a much newer Windows 98 machine slowed noticeably. The collision light went from an occasional blink to pegged on the network hub. The NT machine took forever to read from the CD ROM on the Win98 machine. The Linux box stopped responding altogether. No machine crashed. I ran the attack for 30 minutes. As soon as the attack was terminated, all boxes returned to normal activity.

(One interesting side note: the Redhat machine would not let me attempt a stream attack with 10.255.255.255. It would only return a socket: permission denied error.)

*==============================================*
*Gene Harris      http://www.tetronsoftware.com*
*FreeBSD Novice                                *
*All ORBS.org SMTP connections are denied!     *
*==============================================*

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message