There's more to this story, but here's a situation. Can you tell what they did wrong?
I want to implement a ping-type application, but I'm going to write my own protocol. It is going to go over UDP, obviously, because you can't really ping with TCP, and I want it to be really simple, so here's what I do:
Client -> Server: 0x01
Server -> Client: 0x01
When I send the server a single byte, "1", it responds with the same byte, "1".
There is an attack that can cripple a system like this. Can anybody see it? (if you've heard about this, shh)
[rot13]
Cvatvat lbhefrys?
[/rot13]
http://www.rot13.com/index.php
Quote from: Blaze on January 07, 2006, 03:00:50 AM
[rot13]
Cvatvat lbhefrys?
[/rot13]
http://www.rot13.com/index.php
True, but that's not the main problem.
...Have it send it to itself?
Quote from: Newby on January 07, 2006, 12:54:23 PM
Spoof the source IP as the destination IP!
Oh, I see. Then it's caught in an infinite loop sending it to itself! Ha! That's funny. Well, couldn't you just make sure the IP isn't yours and isn't localhost?
Quote from: Sidoh on January 07, 2006, 01:03:03 PM
Quote from: Newby on January 07, 2006, 12:54:23 PM
Spoof the source IP as the destination IP!
Oh, I see. Then it's caught in an infinite loop sending it to itself! Ha! That's funny. Well, couldn't you just make sure the IP isn't yours and isn't localhost?
Then have it spoof the IP of another server running that software. They DoS each other!
And by the way, Microsoft's SQL Server 2000 did exactly that. It was discovered in 2001, I believe, and is a really, really nasty Denial of Service :)
Quote from: iago on January 07, 2006, 01:26:09 PM
Then have it spoof the IP of another server running that software. They DoS each other!
And by the way, Microsoft's SQL Server 2000 did exactly that. It was discovered in 2001, I believe, and is a really, really nasty Denial of Service :)
That is nasty.
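
Added example, not part of the original thread: an in-memory model (no packets are sent) of two servers running the protocol above, comparing the same-byte echo with an assumed variant that answers with a distinct reply byte and never answers a reply. The handler names, the `0x02` reply code and the hop cap are assumptions made for this illustration.

```python
# In-memory model only: nothing here opens a socket or sends traffic.
REQUEST = b"\x01"
REPLY = b"\x02"  # assumed reply code; the protocol in the thread has no such byte


def echo_same_byte(payload):
    """Protocol from the thread: a 0x01 datagram is answered with 0x01."""
    return REQUEST if payload == REQUEST else None


def echo_distinct_reply(payload):
    """Assumed variant: requests get a different byte back, replies get nothing."""
    return REPLY if payload == REQUEST else None


def bounce(handler, first_payload=REQUEST, cap=1000):
    """Model servers A and B, both running `handler`.

    One datagram reaches A carrying B's address as its source. Each server
    answers whatever source address it sees, so answers go to the other server.
    Returns the datagrams the two servers send, as (sender, receiver, payload).
    `cap` bounds the model because the same-byte protocol never stops by itself.
    """
    sent = []
    receiver, other = "A", "B"
    payload = first_payload
    while len(sent) < cap:
        reply = handler(payload)
        if reply is None:  # receiver stays silent, the exchange ends
            break
        sent.append((receiver, other, reply))
        receiver, other = other, receiver  # the answer arrives at the other server
        payload = reply
    return sent


if __name__ == "__main__":
    print("same-byte echo:     ", len(bounce(echo_same_byte)), "datagrams (cap reached)")
    print("distinct reply byte:", len(bounce(echo_distinct_reply)), "datagram")
```

The distinct reply byte removes the loop, but the server still sends one datagram to whatever source address the request carried.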