Of the machines I have had access to, this attack has caused any number of the following problems: 1) Causes the CPU to spike, thus exhausting processor resources. 2) Legitimate fragmented packets are dropped intermittently (unfragmented packets get through fine) 3) Legitimate fragmented packets are no longer accepted by the machine under attack (unfragmented packets get through fine) until the fragmentation time exceeded timers expire. 4) Devices like Cisco routers can have Buffer overflow, i.e. packets are dropped at high packet rates if there aren't enough buffers allocated.
The following devices were tested and showed some or all of the above symptoms: 1) Microsoft Windows 2000 2) Mandrake Linux 9.2 2) Cisco 2621XM 3) PIX Firewall 4) Mac OS/X V10.2.8 (FreeBSD 5?)
The following vendors have been notified of this condition prior to the release of this announcement: 1) Microsoft 2) Cisco (2621XM only) 3) Linux
Attached is the ported Win32 version of the first variation by Laurent Constantin.
r00l
May 2 2004, 10:26 AM
netwib515.dll required
dr0zaxx
May 2 2004, 02:46 PM
Uploaded the file with the missing netwib515.dll which is required.
qcred11
May 3 2004, 02:50 PM
hey dr0zaxx , your attached file for some reason is empty... Can you reupload it again.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
