Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: your mail

  • From: Craig A. Huegen
  • Date: Thu Apr 16 17:04:48 1998

On Thu, 16 Apr 1998, Gus Huber wrote:

Check out a program called 'fraggle' or consult my document at
http://www.quadrunner.com/~chuegen/smurf.txt


==>While reading threads on the list I'm cc'ing this message to, I thought of
==>a similar attack to smurf, that could be a problem based on SMURF attacks.
==>ICMP isn't the only services that can be potentialy exploited via his bug,
==>UDP could be a huge player too.  For example those of you familiar with
==>SMB might be able to deduce what I am getting at.  Just a little test I
==>did today.  
==>dialin:> nmblookup -B broadcast.mydomain.com \* <hidden to protect the
==>innocent>
==>
==>Well then I went to my packet loging facilities.
==>
==>Since the class c that I send the broadcast was primarily windows machines
==>I got approximately 200 replys to this one udp packet.  It seems to me
==>that this could be allmost as big of a player as smurf if executed
==>tactfuly.  Some common UDP services can be fooled into sending back many
==>more packets than you send in, especialy on windows machines.  I sent this
==>to this list in hopes it would be dealt with before widespread exploit of
==>it could take place.  
==>
==>	Gus Huber <gus@pbx.org>
==>
==>





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.