`Date: Sun, 26 Jul 1998 18:45:44 +1000
From: Matt Carter <[email protected]>
Subject: Re: Annex DoS
i made a post about this some time ago. a simple 'strobe' will bring a bay
terminal server crashing to its knees. i notified bay years ago ..
hell, let's go something even simpler. 1 x 32k ping packet every second at an
annex will crush it. so, maybe you have something a bit beefier (i'm
looking at micro annex els) fire 2 x 32k packets. gee that was difficult.
admittedly, i haven't been up to date on the bay annex stuff, so maybe
they fixed it.. but i never ever heard anything back from them so..
On Sat, 25 Jul 1998, Albert Nubdy wrote:
> From: Albert Nubdy <[email protected]>
> To: [email protected]
> Date: Sat, 25 Jul 1998 20:10:21 -0400
> Subject: [BUGTRAQ] Annex DoS
> Message-ID: <[email protected]>
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> Redes2 Security Team
> --------------------
> .DO Underground
>
>
> PROBLEM
> =======
>
> We have found several DoS attacks against Annex terminal servers from
> xylogics(bay).
>
>
> DETAILS
> =======
>
> The first attack is about the ping program on the webserver. They
> designed the /ping program to take only 64 chars in the hostname part.
> They avoided from ppl to insert more than 64 by limiting it in the
> page on the webserver (/ping.html). But if you do a :
> http://annex.server.here/ping?query=a lot of aaaaaa's here(more than 64)
> then annex server goes BOOM!.
>
> The second attack is with the land attack. Maybe when they tried the
> land attack on the annex servers they thought it didn't work. But it
> does... The problem is that when you do 1 land attack the CPU only
> rises a 50 percent. Now if you do 2 land attacks consecutively then the
> annex server freezes because the CPU rises to 100%. I didn't make any
> programs for this because you only have to do a shell script that
> executes your land program at least two or three times.
>
> FIX
> ===
>
> We notified Bay a month ago. They have not responded yet.
>
>
> Credits:
> wh0is, speed1, lizard.
>
> ========================================|
> Albert Nubdy | [email protected] |
> FormateZ@undernet |
> - ----------------------------------------|
> -----BEGIN PGP SIGNATURE-----
> Version: PGPfreeware 5.5.3i for non-commercial use <http://www.pgpi.com>
>
> iQA/AwUBNbqefVRmALifgPyqEQIvLACeOPojXC2FqVgsO688XIBGINVNEDMAnR5r
> WpUM+RDMkvaCMEmMkzqVNt5h
> =HPOk
> -----END PGP SIGNATURE-----
>
--
Matt Carter | Systems Management Group
Email: [email protected] | Bond University
Phone: +61 7 5595 1423 | University Drive
Fax: +61 7 5595 1456 | Robina, QLD 4226
`
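The quoted advisory says the 64-character hostname limit was enforced only in the /ping.html form, not by the /ping handler itself. The following is an added example, not code from either post or from Bay's firmware: a server-side check of the `query` parameter, assuming the handler keeps the hostname in a fixed 64-character field. The names `ping_parse_host`, `PING_HOST_MAX` and the return codes are hypothetical.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define PING_HOST_MAX 64  /* limit the advisory says the HTML form applies (assumed buffer size) */

enum ping_rc { PING_OK = 0, PING_MISSING = -1, PING_TOO_LONG = -2, PING_BAD_CHAR = -3 };

/* Extract the "query" parameter from a raw query string such as "query=host1"
 * into out[], which must hold PING_HOST_MAX + 1 bytes. Nothing is written to
 * out[] unless the whole value passes validation. */
enum ping_rc ping_parse_host(const char *qs, char out[PING_HOST_MAX + 1])
{
    static const char key[] = "query=";
    const char *val = NULL;
    size_t len, i;

    if (qs == NULL)
        return PING_MISSING;

    /* Match "query=" only at the start of the string or right after '&'. */
    for (const char *p = qs; *p != '\0'; ) {
        if (strncmp(p, key, sizeof key - 1) == 0) { val = p + sizeof key - 1; break; }
        p = strchr(p, '&');
        if (p == NULL)
            break;
        p++;
    }
    if (val == NULL)
        return PING_MISSING;

    len = strcspn(val, "&");      /* value ends at the next parameter or at end of string */
    if (len == 0)
        return PING_MISSING;
    if (len > PING_HOST_MAX)      /* enforced here: a form-side limit does not bind the client */
        return PING_TOO_LONG;

    for (i = 0; i < len; i++) {   /* accept only hostname / dotted-address characters */
        unsigned char c = (unsigned char)val[i];
        if (!isalnum(c) && c != '.' && c != '-')
            return PING_BAD_CHAR;
    }
    memcpy(out, val, len);        /* len <= PING_HOST_MAX, so the terminator fits */
    out[len] = '\0';
    return PING_OK;
}
```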