Re: Local / Remote D.o.S Attack in War FTP Daemon 1.70 Vulnerability

Wed, 15 Dec 1999 10:36:24 -0800 

Maybe I am missing something, but after looking at the ASM code that ussr
provided, it seems as if they are just doing a standard "connection
flood".  I see absolutely nothing significant or specific to WarFTPD
here.  The same type of attack would affect any number of FTP servers when
done from a fast enough link.  In other words, the good ole' hose + a tiny
fragment of code to actually send a username/pass is all that is needed to
duplicate this.

The only denial of service I see here is a "max connections" problem.  This
would be harder to combat if the attack cam from random ip's... but that is
not the case in this instance.  So, did I miss something in this case?

/tmy

At 06:41 PM 12/14/1999, Ussr Labs wrote:
>Strange, no body report this problem only you :(, the war ftp deamnon stop
>responding wen reseive lots of incomming connections, the porgram no CRASH
>just only stop responding.
>
>u n d e r g r o u n d  s e c u r i t y  s y s t e m s  r e s e a r c h
>http://www.ussrback.com
>
>
>
>-----Original Message-----
>From: Malartre [mailto:[EMAIL PROTECTED]]
>Sent: Tuesday, December 14, 1999 8:46 PM
>To: Ussr Labs
>Cc: [EMAIL PROTECTED]
>Subject: Re: Local / Remote D.o.S Attack in War FTP Daemon 1.70
>Vulnerability
>
>
>Ussr Labs wrote:
> >
> > Local / Remote D.o.S Attack in War FTP Daemon 1.70 Vulnerability
>
>I am personnaly not able to reproduce this on my computer. I was using
>the program on the same computer that war-ftpd is.
>
>It's a Pentium 200 with win95b, no firewalls, nothing special.
>
>My cable-modem connection was down during the use of the program, but
>this is because I was flooding myself.
>
>After a minute or two, I closed the program and my connection was back
>and War FTP was ok.
>Thank You
>--
>[Malartre][[EMAIL PROTECTED]]


-- Diving into infinity my consciousness expands in inverse
    proportion to my distance from singularity

+--------  -------  ------  -----  ---- --- -- ------ --------+
|  Tim Yardley ([EMAIL PROTECTED])       
|  http://www.students.uiuc.edu/~yardley/
+--------  -------  ------  -----  ---- --- -- ------ --------+

Reply via email to