ping exploit

fATE 1997 BABY (fate@JET.LAKER.NET)
Sat, 28 Jun 1997 17:02:33 -0400

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Charles Howes: "Getpwnam bus error.. is this patched?"
Previous message: fATE 1997 BABY: "sping binary"

I thought this was patched back when this exploit was discovered for
rebooting linux when you would ping -l 65510 ip of a linux box, but it
seems that its still around for win95 users. When you run the program
called sping, it will send an oversized packet to the destined IP and
cause the win95 machine to freeze.

I believe if you install a firewall for the win95 machine, this will be
patched. That how I patched it in linux when it was first discovered. This
seems to only work with Windows 95, NT, and OSR2/3. If you can come up
with a better patch, please do so, grin. I will include the binary to
sping in this email.

Just for your information, this is what I recieve in my tcpdump /
syslogd.

Syslogd(sending to myself)
Oversized packet received from 205.245.75.240

TCPdump(sending out)
16:57:50.315703 ereet.laker.net > jet.laker.net: (frag 4321:380@4176+)
16:57:50.315703 ereet.laker.net > jet.laker.net: (frag 4321:380@4560+)
16:57:50.315703 ereet.laker.net > jet.laker.net: (frag 4321:380@4936+)
16:57:50.315703 ereet.laker.net > jet.laker.net: (frag 4321:380@5320+)
16:57:50.315703 ereet.laker.net > jet.laker.net: (frag 4321:380@5696+)
16:57:50.315703 ereet.laker.net > jet.laker.net: (frag 4321:380@6080+)
16:57:50.315703 ereet.laker.net > jet.laker.net: (frag 4321:380@6456+)

Next message: Charles Howes: "Getpwnam bus error.. is this patched?"
Previous message: fATE 1997 BABY: "sping binary"