Date: Thu, 4 Feb 1999 16:52:00 -0500
From: Andrew J. Gavin
To: BUGTRAQ@netspace.org
Subject: NOBO denial of service

As reported by i-kran@USA.NET approximately a week ago, nobo (a back orifice scanning detector) has a buffer overflow problem that will crash the program remotely.

Sending a UDP packet (larger than 1024 bytes) will give the error:

A network error has ocurred: Message too long (10040-92)

Sending 15 of these packets (the minimum required) will crash nobo (stack fault in kernel32.dll), with NOTHING recorded to the log file or to the screen.

I tested this against nobo 1.2 from both Windows 98 and Linux, giving the same results. Using 'assault' (included with the mIRC script "7th sphere", I believe) in Windows, for example, I was able to send 15 UDP packets at 1025 bytes in size, crashing my nobo. In Linux, I was able to crash my nobo by echoing a string 1025 characters in length, piping it through nc (with the -u flag), and repeating 14 more times.

I'm sure some nice scripts could be written to do this to a class C subnet. The only drawback to this is that it would be rather bandwidth-intensive (15 x 1025 bytes x 255).

----------
gavina@river.it.gvsu.edu
k3nny or ChazeFroy on Efnet IRC

-------------------------------------------------------------------------

Nobo and Netbuster Dos
Wolfgang Gassner (wulfmen@HOTMAIL.COM)
Wed, 20 Jan 1999 09:46:56 PST

Simply send big UDP packets to e.g. port 31337 and Mr. Nobo will see a big error message at each packet!!! By default Nobo only logs on screen and not into a file; that means you can erase your ping!!

I tested this on NT and W95 and after some time it will kill with an overflow.

-------------------------------------------------------------------------

i-kran@USA.NET
Mon, 25 Jan 1999 16:39:22 -0300

Hi,

Somebody talked about the Nobo crash and how we can do it. It is very simple, just put the lines:

find /|nc -u 10.1.1.17 31337

This makes NetCat send data to the nobo (bobo) user (10.1.1.17) from stdin ("find / ").
This break is easy and works on many OSs.

Greetings to all, especially to the friends of Freak

By
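How a datagram listener can survive the oversized packets these posts describe, as an added example that is not code from NOBO or from any poster. It assumes POSIX sockets, where an oversized datagram is flagged with MSG_TRUNC instead of raising the Winsock error 10040 quoted above; the names recv_one, demo and BUF_SZ are hypothetical, and the traffic is constructed and stays on a local socketpair.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <unistd.h>

#define BUF_SZ 1024  /* assumed fixed receive buffer, matching the 1024-byte threshold in the posts */
enum dgram_kind { DGRAM_OK, DGRAM_OVERSIZE, DGRAM_ERROR };

/* Receive one datagram into buf, never writing more than cap bytes.
 * An oversized datagram is classified and logged, not treated as fatal. */
enum dgram_kind recv_one(int fd, char *buf, size_t cap, size_t *got, FILE *log)
{
    struct iovec iov = { .iov_base = buf, .iov_len = cap };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1 };
    ssize_t n = recvmsg(fd, &msg, 0);
    if (n < 0)
        return DGRAM_ERROR;
    *got = (size_t)n;
    if (msg.msg_flags & MSG_TRUNC) {
        /* Write and flush the record at once, so it exists even if the process dies later. */
        fprintf(log, "oversize datagram: kept %zu bytes, excess discarded\n", *got);
        fflush(log);
        return DGRAM_OVERSIZE;
    }
    return DGRAM_OK;
}

/* Constructed traffic: n datagrams of BUF_SZ + 1 bytes, then one normal datagram.
 * Returns 1 if the listener still handles the normal datagram afterwards, -1 on setup failure. */
int demo(int n, int *oversize_seen)
{
    int sv[2];
    char big[BUF_SZ + 1], buf[BUF_SZ];
    size_t got = 0;
    FILE *log = stderr;  /* a real detector would pass its log file handle here */
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) != 0) return -1;
    memset(big, 'A', sizeof big);
    *oversize_seen = 0;
    for (int i = 0; i < n; i++) {  /* send and receive alternately so the queue never fills */
        if (send(sv[0], big, sizeof big, 0) < 0) return -1;
        if (recv_one(sv[1], buf, sizeof buf, &got, log) == DGRAM_OVERSIZE) (*oversize_seen)++;
    }
    if (send(sv[0], "ping", 4, 0) < 0) return -1;
    enum dgram_kind k = recv_one(sv[1], buf, sizeof buf, &got, log);
    close(sv[0]); close(sv[1]);
    return k == DGRAM_OK && got == 4;
}

int main(void) { int seen = 0; return demo(15, &seen) == 1 && seen == 15 ? 0 : 1; }
```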