North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

[no subject]

  • From: Gus Huber
  • Date: Thu Apr 16 16:50:16 1998

While reading threads on the list I'm cc'ing this message to, I thought of
a similar attack to smurf, that could be a problem based on SMURF attacks.
ICMP isn't the only services that can be potentialy exploited via his bug,
UDP could be a huge player too.  For example those of you familiar with
SMB might be able to deduce what I am getting at.  Just a little test I
did today.  
dialin:> nmblookup -B broadcast.mydomain.com \* <hidden to protect the
innocent>

Well then I went to my packet loging facilities.

Since the class c that I send the broadcast was primarily windows machines
I got approximately 200 replys to this one udp packet.  It seems to me
that this could be allmost as big of a player as smurf if executed
tactfuly.  Some common UDP services can be fooled into sending back many
more packets than you send in, especialy on windows machines.  I sent this
to this list in hopes it would be dealt with before widespread exploit of
it could take place.  

	Gus Huber <[email protected]>