Descriptions of exploits
Here are the descriptions of exploits used in the PC Flank's Exploits Test:
IGMPSYN
This denial-of-service attack is used to freeze the victim's computer. IGMPSYN sends "type 1" IGMP requests with random source addresses.
Affected systems: Win 95, 98
TARGA3
Targa3 is a denial-of-service attack aimed at systems with IP stack vulnerabilities. Targa3 sends random malformed IP packets that cause some IP stacks to crash or behave unexpectedly. The malformed packets carry invalid fragmentation, protocol numbers, packet sizes, header values, options, offsets, TCP segments, and routing flags. Once the TCP/IP stack receives such a packet, the kernel has to allocate resources to handle it; if enough malformed packets arrive, the system crashes because those resources are exhausted. Targa3 can be used to test firewalls and routers for stability and for their reaction to unexpected packets.
Affected systems: Win 95, 98, Me, NT, 2000
FAWX
Fawx is an IGMP denial-of-service attack that crashes the victim's computer. Fawx uses oversized, fragmented IGMP packets to freeze the target. Because some firewalls still do not handle IGMP, the FAWX attack passes through them to the systems behind them.
Affected systems: Win 95, 98, NT
KOD
Kod (Kiss of Death) is a denial-of-service attack that results in a "Blue Screen" error message (the so-called "blue screen of death") or an instantaneous reboot of the computer. Kod sends malformed IGMP (Internet Group Management Protocol) packets to the victim's computer, causing its TCP/IP stack to fail.
Affected systems: Win 95, 98, 2000
SSPING
SSPING is a tool that can freeze a computer connected to the Internet or to a local network. It sends the victim's computer a series of highly fragmented, oversized ICMP packets; the receiving computer freezes when it tries to reassemble the fragments. Rebooting the computer is enough to restore normal operation.
Affected systems: Win 95, NT and older versions of MacOS
JOLT2
Jolt2 is a denial-of-service attack that uses a continuous stream of identical, fragmented IP packets to consume most or all of the operating system's CPU time. Most Windows operating systems are vulnerable to this attack, which is caused by a flaw in each operating system's method of IP fragment reassembly.
Affected systems: Win 95, 98, NT, 2000 and BeOS 5.0
TWINGE
The Twinge program sends a large number of false ICMP control messages to a system very rapidly. This usually results in performance degradation and may cause the attacked system to crash. This spoofed attack uses all types of ICMP packets with random IP source addresses.
Affected systems: Win 95, 98, NT
MOYARI13
This attack is similar to the KOD attack, but is used only against Windows 95/98. Moyari13 sends an illegal ICMP Timestamp packet to the victim's computer. On receiving this packet the computer crashes (the network stack stops responding).
Affected systems: Win 95, 98
NUKE
Nuke is an attack that can be used to break an IP connection. Nuke sends the victim's computer an ICMP packet carrying a 'destination (server) unreachable' message, causing the computer to drop its connection with the server.
Affected systems: Win 95, 98, NT, 2000
TEARDROP
Teardrop is a denial-of-service attack that causes the operating system to crash (the so-called "blue screen of death") or reboot. Teardrop is a tool that sends fragmented IP packets to a machine connected to the Internet or a network. It exploits the so-called "overlapping IP fragment bug", which causes the TCP/IP fragment reassembly code to handle overlapping IP fragments improperly. Though this attack does not cause lasting damage to the system, the victim can lose all unsaved data in open applications.
Affected systems: Win 3.1, 95, NT and some versions of Linux
NESTEA
Nestea is a variation of the Teardrop-style fragmentation attacks. Certain TCP/IP stacks mishandle these peculiar fragment sequences during reassembly and fail, crashing the victim's computer.
Affected systems: Win 3.1, 95, NT and some versions of Linux
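A defensive sanity check for the fragmentation attacks described under SSPING, JOLT2, TEARDROP and NESTEA, added here as an example and not part of PC Flank's test: given fragment records taken from a capture, it flags the repeated-identical-fragment pattern, fragments that start inside data already covered, and reassembled sizes above the 65535-byte IP limit. The tuple layout, the constants and the sample captures are assumptions constructed for this example.

```python
from collections import Counter, defaultdict

# Assumed constants: a minimal 20-byte IPv4 header and the 16-bit total-length limit.
IP_HEADER_LEN = 20
MAX_DATAGRAM = 65535


def check_fragments(frags):
    """Audit IP fragments given as (ip_id, offset_bytes, length, more_fragments).

    Returns human-readable findings; an empty list means nothing suspicious.
    Per datagram id it looks for:
      - the same fragment arriving repeatedly (the Jolt2 pattern),
      - a fragment starting inside data already covered (Teardrop/Nestea overlap),
      - a reassembled size above 65535 bytes (the oversized-ping pattern of SSPING).
    """
    findings = []
    by_id = defaultdict(list)
    for ip_id, off, length, mf in frags:
        by_id[ip_id].append((off, length, mf))

    for ip_id, group in by_id.items():
        # Identical fragments for one datagram id arriving more than once is not
        # normal traffic; it matches a sender replaying the same fragment.
        for (off, length, mf), n in Counter(group).items():
            if n > 1:
                findings.append(f"id={ip_id}: fragment off={off} len={length} repeated {n} times")

        # Walk the distinct fragments in offset order for overlap and oversize.
        covered_end = 0
        for off, length, mf in sorted(set(group)):
            if off < covered_end:
                findings.append(f"id={ip_id}: fragment off={off} overlaps data already covered up to byte {covered_end}")
            covered_end = max(covered_end, off + length)
            if IP_HEADER_LEN + covered_end > MAX_DATAGRAM:
                findings.append(f"id={ip_id}: reassembled datagram would be {IP_HEADER_LEN + covered_end} bytes, over {MAX_DATAGRAM}")
    return findings


# Constructed sample captures, not real traffic.
NORMAL_PING = [(1, 0, 1480, True), (1, 1480, 520, False)]
OVERLAPPING = [(2, 0, 36, True), (2, 24, 4, False)]        # second fragment starts inside the first
OVERSIZED = [(3, 0, 65000, True), (3, 65000, 600, False)]  # 20 + 65600 bytes after reassembly
REPEATED = [(4, 8, 16, True)] * 3                          # one fragment replayed three times

if __name__ == "__main__":
    for name, capture in [("normal", NORMAL_PING), ("overlapping", OVERLAPPING),
                          ("oversized", OVERSIZED), ("repeated", REPEATED)]:
        print(name, check_fragments(capture) or ["ok"])
```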
LAND
Land is a spoofed attack in which a connection appears to be addressed to an address:port combination from that same address:port combination. This attack causes some TCP/IP stacks to lock up completely. It can be blocked by a firewall or router that has anti-spoofing filters.
Affected systems: Win 3.11, 95, NT and FreeBSD
SYNK4
Synk4 is a spoofed denial-of-service attack. Synk4 is a program that sends a stream of packets with random (spoofed), unique source IP addresses so that the victim's computer stops accepting new incoming connections. In some cases the victim's system may exhaust its memory, crash and/or hang. All unsaved data in open applications at the time of the attack may be lost if the system crashes or hangs.
Affected systems: Win 95, 98, NT
OPENTEAR
Opentear uses fragmented UDP packets to make the victim's computer reboot. It sends random fragmented UDP packets from randomly spoofed source addresses to random ports. This consumes 100% of the CPU's time and may result in a reboot.
Affected systems: Win 95, 98, NT, 2000 and OpenBSD 2.3 and 2.4
STREAM
This attack slows a machine down by using up CPU cycles. The attack also consumes network bandwidth. In addition to the incoming ACK packets, the target host will consume bandwidth when it tries to send TCP RST packets to non-existent IP addresses. Routers will then return ICMP host/network unreachable packets to the victim, resulting in more bandwidth starvation. The distributed method of attack multiplies the effect on the CPU, as well as consuming large amounts of network bandwidth.
Affected systems: Win 95, 98, NT, 2000
STREAM2
This attack is similar to the first version. Stream2 is a remote denial-of-service attack that uses ACK packets to consume large amounts of CPU time.
Affected systems: Win 95, 98, NT, 2000
RFPOISON
RFPOISON is a denial-of-service attack that disables a Windows NT client's access to shared-file resources and to other named-pipe connections. RFPoison sends a malformed packet that causes the 'services.exe' process to crash, leaving the system unstable.
Affected systems: Win NT
RST_FLIP
RST_FLIP is a denial-of-service attack against an existing connection. RST_FLIP sends the victim's computer malformed TCP packets with the RST flag set that appear to come from the server.
Affected systems: Win 95, 98, NT, 2000
REDIR
REDIR is a tool used to mount an ICMP redirect route-spoofing attack. REDIR creates an ICMP redirect packet with the source address set to the regular gateway and sends it to the victim's computer. The packet also names the "new" gateway to use. The computer accepts these redirect-host messages and changes its own routing table, which can cause it to freeze or operate very slowly.
Affected systems: Win 95, 98, NT