Date: Sun, 26 Jul 1998 18:45:44 +1000
From: Matt Carter <matt@saratoga.its.bond.edu.au>
Subject: Re: Annex DoS


i made a post about some time ago. a simple 'strobe' will bring a bay
terminal server crashing to it's knees. i notified bay years ago ..

hell lets go something even simpler. 1 x 32k ping packet ever second at a
annex will crush it. so, maybe you have something a bit beefier (i'm
looking at micro annex els) fire 2 x 32k packets. gee that was difficult.

admittedly, i haven't been up to date on the bay annex stuff, so maybe
they fixed it.. but i never eever heard anything back from them so..


On Sat, 25 Jul 1998, Albert Nubdy wrote:

> From: Albert Nubdy <formatez@EDUREDES.EDU.DO>
> To: BUGTRAQ@NETSPACE.ORG
> Date: Sat, 25 Jul 1998 20:10:21 -0400
> Subject: [BUGTRAQ]       Annex DoS
> Message-ID: <Pine.LNX.3.96.980725200936.6869A-100000@eduredes.edu.do>
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
>                                Redes2 Security Team
>                                 --------------------
>                                    .DO Underground
>
>
> PROBLEM
> =======
>
>   We have found serveral DoS attacks agaisnt Annex terminal servers
> from
> xylogics(bay).
>
>
> DETAILS
> =======
>
>   The first attack is about the ping program on the webserver. They
> designed the /ping program to take only 64 chars in the hostname part.
> They avoided from ppl to insert more than 64 by limiting it in the
> page on
> the webserver (/ping.html). But if you do a :
> http://annex.server.here/ping?query=a lot of aaaaaa's here(more than
> 64)
> then annex server goes BOOM!.
>
>   The second attack is with the land attack. Maybe when they tried the
> land attack on the annex servers they thought it didn't work. But it
> does... The problem is that when you do 1 land attack the CPU only
> rises a
> 50 percent. Now if you do 2 land attacks consecutively then the annex
> server freezes because the CPU rises to 100%. I didn't make any
> programs
> for this because you only have to do a shell script that executes your
> land program at least two or three times.
>
> FIX
> ===
>
>   We notified Bay a month ago. They have not responded yet.
>
>
> Credits:
> wh0is, speed1, lizard.
>
> ========================================|
> Albert Nubdy | formatez@eduredes.edu.do |
> FormateZ@undernet                       |
> - ----------------------------------------|
> -----BEGIN PGP SIGNATURE-----
> Version: PGPfreeware 5.5.3i for non-commercial use <http://www.pgpi.com>
>
> iQA/AwUBNbqefVRmALifgPyqEQIvLACeOPojXC2FqVgsO688XIBGINVNEDMAnR5r
> WpUM+RDMkvaCMEmMkzqVNt5h
> =HPOk
> -----END PGP SIGNATURE-----
>

--
Matt Carter                   | Systems Management Group
Email: matt@bond.edu.au       | Bond University
Phone: +61 7 5595 1423        | University Drive
Fax:   +61 7 5595 1456        | Robina, QLD 4226