Fred Cohen wrote: > > > > UDP Bomb - By sending a UDP packet with incorrect information in the > > > header, some Sun-OS 4.1.3 Unix boxes will panic and then reboot. > > > > Anyone willing to say _what_ this magic incorrect information is? I'd > > much rather not have to take the time to grab the patch, uncompile both > > it and the file(s) it replaces, and try to figure it out from there. > > For example: > > from-IP=127.0.0.1 > to-IP=target > Packet type: UDP > from UDP port 7 (echo) > to UDP port 7 (echo) > On a similar note, a more practical example is this condition will occur if any NFS request (mount, getattr, etc. etc.) has the source IP field set to 127.0.0.1. This can happen in certain circumstances - I believe there is a patch for HP/UX 9.x under certain platforms that prevents this specific condition from occurring. (Any HP that mounts a SunOS 4.1.x server could cause it to crash merely by mounting it!). If anyone is feeling frisky, start playing with a SunOS box and try injecting spurious IP packets onto the wire... since SunOS doesn't have the nifty DLPI interface that Solaris has, it is probably susceptible to many, many similar attacks using the standard IP stack. On a related note, does everyone know of the /dev/openprom problem under SunOS??? Any unprivileged user can crash the system using /dev/openprom... the difference between this and the above problem is that there is no patch for this one :-). (Email for details if you would like to know more). Cheers, Matthew (matt@ott.opcom.ca)