[plug] local DoS with ping -R

Anthony J. Breeds-Taurima tony at cantech.net.au
Mon Dec 13 11:15:53 WST 1999


On Mon, 13 Dec 1999, Matt Kemner wrote:

> Looks like they fixed it in later versions of ping. :)
> The version of ping I was running when I had to patch it (this is about 2
> years ago) came with Debian 1.3 - they must have fixed it since then.
> Can someone with a RedHat system tell me if their ping allows -s?

On RedHat 6.1 (with all the latest updates)as a completely ordinary user I
can ping -s :(

~$ ping www.cantech.net.au -q -c 2
PING poseidon.cantech.net.au (203.26.6.1) from 203.26.6.12 : 56(84) bytes of
data.

--- poseidon.cantech.net.au ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.1/0.1/0.2 ms
~$ ping -s 65536 www.cantech.net.au
Error: packet size 65536 is too large. Maximum is 65507
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
I think this is VERY bad :(


Yours Tony.



More information about the plug mailing list