Author Topic: Find the Flaw  (Read 4247 times)

0 Members and 1 Guest are viewing this topic.

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Find the Flaw
« on: January 07, 2006, 02:58:05 am »
There's more to this story, but here's a situation.  Can you tell what they did wrong?

I want to implement a ping-type application, but I'm going to write my own protocol.  It is going to go over UDP, obviously, because you can't really ping with TCP, and II want it to be really simple, so here's what I do:
Client -> Server: 0x01
Server -> Client: 0x01

When I send the server a single byte, "1", it responds with the same byte, "1". 

There is an attack that can cripple a system like this.  Can anybody see it? (if you've heard about this, shh)

Offline Blaze

  • x86
  • Hero Member
  • *****
  • Posts: 7136
  • Canadian
    • View Profile
    • Maide
Re: Find the Flaw
« Reply #1 on: January 07, 2006, 03:00:50 am »
[rot13]
Cvatvat lbhefrys?
[/rot13]
http://www.rot13.com/index.php
And like a fool I believed myself, and thought I was somebody else...

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Find the Flaw
« Reply #2 on: January 07, 2006, 03:07:05 am »
[rot13]
Cvatvat lbhefrys?
[/rot13]
http://www.rot13.com/index.php

True, but that's not the main problem. 

Offline igimo1

  • Full Member
  • ***
  • Posts: 420
    • View Profile
Re: Find the Flaw
« Reply #3 on: January 07, 2006, 05:28:35 am »
...Have it send it to itself?

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Find the Flaw
« Reply #4 on: January 07, 2006, 12:51:45 pm »
...Have it send it to itself?
Explain?

Offline Newby

  • x86
  • Hero Member
  • *****
  • Posts: 10877
  • Thrash!
    • View Profile
Re: Find the Flaw
« Reply #5 on: January 07, 2006, 12:54:23 pm »
...Have it send it to itself?
Explain?

Spoof the source IP as the destination IP!
- Newby
http://www.x86labs.org

Quote
[17:32:45] * xar sets mode: -oooooooooo algorithm ban chris cipher newby stdio TehUser tnarongi|away vursed warz
[17:32:54] * xar sets mode: +o newby
[17:32:58] <xar> new rule
[17:33:02] <xar> me and newby rule all

I'd bet that you're currently bloated like a water ballon on a hot summer's day.

That analogy doesn't even make sense.  Why would a water balloon be especially bloated on a hot summer's day? For your sake, I hope there wasn't too much logic testing on your LSAT. 

Offline Sidoh

  • x86
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: Find the Flaw
« Reply #6 on: January 07, 2006, 01:03:03 pm »
Spoof the source IP as the destination IP!

Oh, I see.  Then it's caught in an infinite loop sending it to itself!  Ha!  That's funny.  Well, couldn't you just make sure the IP isn't yours and isn't localhost?

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Find the Flaw
« Reply #7 on: January 07, 2006, 01:26:09 pm »
Spoof the source IP as the destination IP!

Oh, I see.  Then it's caught in an infinite loop sending it to itself!  Ha!  That's funny.  Well, couldn't you just make sure the IP isn't yours and isn't localhost?

Then have it spoof the ip of another server running that software.  They DoS each other!

And by the way, Microsoft's SQL Server 2000 did exactly that.  It was discovered in 2001, I believe, and is a really, really nasty Denial of Service :)

Offline Sidoh

  • x86
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: Find the Flaw
« Reply #8 on: January 07, 2006, 01:32:07 pm »
Then have it spoof the ip of another server running that software.  They DoS each other!

And by the way, Microsoft's SQL Server 2000 did exactly that.  It was discovered in 2001, I believe, and is a really, really nasty Denial of Service :)

That is nasty.