Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormPacket StormPACKETSTORM:15095
HistoryAug 17, 1999 - 12:00 a.m.

annex-DoS.txt

1999-08-1700:00:00
Packet Storm
packetstormsecurity.com
28
JSON
`Date: Sun, 26 Jul 1998 18:45:44 +1000  
From: Matt Carter <[email protected]>  
Subject: Re: Annex DoS  
  
  
i made a post about some time ago. a simple 'strobe' will bring a bay  
terminal server crashing to it's knees. i notified bay years ago ..  
  
hell lets go something even simpler. 1 x 32k ping packet ever second at a  
annex will crush it. so, maybe you have something a bit beefier (i'm  
looking at micro annex els) fire 2 x 32k packets. gee that was difficult.  
  
admittedly, i haven't been up to date on the bay annex stuff, so maybe  
they fixed it.. but i never eever heard anything back from them so..  
  
  
On Sat, 25 Jul 1998, Albert Nubdy wrote:  
  
> From: Albert Nubdy <[email protected]>  
> To: [email protected]  
> Date: Sat, 25 Jul 1998 20:10:21 -0400  
> Subject: [BUGTRAQ] Annex DoS  
> Message-ID: <[email protected]>  
>  
> -----BEGIN PGP SIGNED MESSAGE-----  
>  
> Redes2 Security Team  
> --------------------  
> .DO Underground  
>  
>  
> PROBLEM  
> =======  
>  
> We have found serveral DoS attacks agaisnt Annex terminal servers  
> from  
> xylogics(bay).  
>  
>  
> DETAILS  
> =======  
>  
> The first attack is about the ping program on the webserver. They  
> designed the /ping program to take only 64 chars in the hostname part.  
> They avoided from ppl to insert more than 64 by limiting it in the  
> page on  
> the webserver (/ping.html). But if you do a :  
> http://annex.server.here/ping?query=a lot of aaaaaa's here(more than  
> 64)  
> then annex server goes BOOM!.  
>  
> The second attack is with the land attack. Maybe when they tried the  
> land attack on the annex servers they thought it didn't work. But it  
> does... The problem is that when you do 1 land attack the CPU only  
> rises a  
> 50 percent. Now if you do 2 land attacks consecutively then the annex  
> server freezes because the CPU rises to 100%. I didn't make any  
> programs  
> for this because you only have to do a shell script that executes your  
> land program at least two or three times.  
>  
> FIX  
> ===  
>  
> We notified Bay a month ago. They have not responded yet.  
>  
>  
> Credits:  
> wh0is, speed1, lizard.  
>  
> ========================================|  
> Albert Nubdy | [email protected] |  
> FormateZ@undernet |  
> - ----------------------------------------|  
> -----BEGIN PGP SIGNATURE-----  
> Version: PGPfreeware 5.5.3i for non-commercial use <http://www.pgpi.com>  
>  
> iQA/AwUBNbqefVRmALifgPyqEQIvLACeOPojXC2FqVgsO688XIBGINVNEDMAnR5r  
> WpUM+RDMkvaCMEmMkzqVNt5h  
> =HPOk  
> -----END PGP SIGNATURE-----  
>  
  
--  
Matt Carter | Systems Management Group  
Email: [email protected] | Bond University  
Phone: +61 7 5595 1423 | University Drive  
Fax: +61 7 5595 1456 | Robina, QLD 4226  
`
JSON