Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

nobo-DoS.txt

🗓️ 17 Aug 1999 00:00:00Reported by Packet StormType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 38 Views

Nobo denial of service due to buffer overflow from large UDP packets can crash the program remotely.

Show more

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Code
`Date: Thu, 4 Feb 1999 16:52:00 -0500  
From: Andrew J. Gavin <[email protected]>  
To: [email protected]  
Subject: NOBO denial of service  
  
As reported by [email protected] approximately a week ago, nobo (a back  
orifice scanning detector) has a buffer overflow problem that will crash  
the program remotely. Sending a UDP packet (larger than 1024 bytes) will  
give the error:  
  
A network error has ocurred: Message too long (10040-92)  
  
Sending 15 of these packets (the minimum required) will crash nobo (stack  
fault in kernel32.dll), with NOTHING recorded to the log file or to the  
screen.  
  
I tested this against nobo 1.2 from both Windows 98 and linux, giving the  
same results. Using 'assault' (included with the mIRC script "7th  
sphere", I believe) in Windows, for example, I was able to send 15 UDP  
packets at 1025 bytes in size, crashing my nobo. In linux, I was able to  
crash my nobo by echoing a string 1025 characters in length, piping it  
through nc (with the -u flag), and repeating 14 more times.  
  
I'm sure some nice scripts could be written to do this to a class C  
subnet. The only drawback to this is that it would be rather  
bandwidth-intensive (15 x 1025 bytes x 255).  
  
----------  
[email protected]  
k3nny or ChazeFroy on Efnet IRC  
  
-------------------------------------------------------------------------  
  
Nobo and Netbuster Dos  
  
Wolfgang Gassner ([email protected])  
Wed, 20 Jan 1999 09:46:56 PST   
  
Simply send Big Udp Packets to eg. Port 31337 and Mr. Nobo will see  
a Big error message at each Packet!!!  
As Default Nobo only Logs on screen and not into file that means  
you can erase your Ping!!  
I tested this on NT and W95 and after some time it will kill with  
a Overflow.  
  
-------------------------------------------------------------------------  
  
[email protected]  
Mon, 25 Jan 1999 16:39:22 -0300  
  
Hi,  
Somebody talk above Nobo crash, and how we can do it, is very simple,  
just put de lines:  
  
find /|nc -u 10.1.1.17 31337  
this make that the NetCat send data to the nobo (bobo) user (10.1.1.17)  
from stdin ("find / ").  
  
this break is easy and work over many OSs  
  
  
Saludos a todos  
Especialmente a los amigos de Freak  
  
By  
  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
17 Aug 1999 00:00Current
7.4High risk
Vulners AI Score7.4
buffer overflowdenial of serviceudp packetsnetwork errorlog filewindowslinux
38
.json
Report