On Sun, 1 Dec 1996 22:23:30 -0600, Internaut wrote:
What is the risk of publishing your dynamic IP address to a web page while you are on line? How vulnerable is someone just connected to the internet, w/o any server running? What attacks are feasable? --Internaut
Well, if you are running Win95 (all) or 3.1 (w/certain TCP/IP stacks) your machine can be locked up or rebooted at *any* time using just PING! # Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp # <cadams@acucobol.com> | send mail with subject "send PGPKEY" "That's our advantage at Microsoft; we set the standards and we can change them." --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)
Adamsc wrote:
On Sun, 1 Dec 1996 22:23:30 -0600, Internaut wrote:
What is the risk of publishing your dynamic IP address to a web page while you are on line? How vulnerable is someone just connected to the internet, w/o any server running? What attacks are feasable? --Internaut
Well, if you are running Win95 (all) or 3.1 (w/certain TCP/IP stacks) your machine can be locked up or rebooted at *any* time using just PING!
Isn't is Unix that is actually vulnerable? - Igor.
On Mon, 2 Dec 1996 ichudov@algebra.com wrote:
What is the risk of publishing your dynamic IP address to a web page while you are on line? How vulnerable is someone just connected to the internet, w/o any server running? What attacks are feasable? --Internaut
Well, if you are running Win95 (all) or 3.1 (w/certain TCP/IP stacks) your machine can be locked up or rebooted at *any* time using just PING!
Isn't is Unix that is actually vulnerable?
I have never been able to cause more than a mild performance degredation by pinging a Windows 95 machine with large packets. When testing the idea I kept increasing the packet size until the machine no longer responded, but the machine still had TCP/IP capabilities (in terms of transmitting data and forming connections). Ping flooding is another matter though. You probably could cause a larger performance drop. ____________________________________________________ [ Bruce M. - bkmarsh@feist.com - Feist Systems, Inc. ] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ "We don't want to get our butts kicked by a bunch of long-haired 26-year-olds with earrings." -- General John Sheehan on their reasons for InfoWar involvement
-----BEGIN PGP SIGNED MESSAGE----- On Mon, 2 Dec 1996, Bruce M. wrote:
On Mon, 2 Dec 1996 ichudov@algebra.com wrote:
What is the risk of publishing your dynamic IP address to a web page while you are on line? How vulnerable is someone just connected to the internet, w/o any server running? What attacks are feasable? --Internaut
Well, if you are running Win95 (all) or 3.1 (w/certain TCP/IP stacks) your machine can be locked up or rebooted at *any* time using just PING!
Isn't is Unix that is actually vulnerable?
I have never been able to cause more than a mild performance degredation by pinging a Windows 95 machine with large packets. When testing the idea I kept increasing the packet size until the machine no longer responded, but the machine still had TCP/IP capabilities (in terms of transmitting data and forming connections). Ping flooding is another matter though. You probably could cause a larger performance drop.
try sending big udp packets instead of big tcp packets; this kills windows faster. --Deviant PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39 Traveling through hyperspace isn't like dusting crops, boy. -- Han Solo -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBMqOhizCdEh3oIPAVAQGmwQf8DFO8mdlkk2TQBTpmsYtGmjw5UsezqjkA AayPyzks+6gcylQiqmOZkNb7LTAdClP3lVdz4nxBJYNUzYBSvYDlAJtRgFC+CR0u NXTdr+FZVOjaqaQkFjyIipOCx51Ljsxzr6zXbKIOHTZI5FU20n/NZJaVYzluC9xm VRu/DEXE54esI5QZIM77d8x5lltj15i88D5/Cq/ufb3xr0EBNK3FxklTgFIzxwuP Bdedcf8Vb1EfI958RxAeZ/AQWFujlZSZPwQ6CScBfJiGb4CNv5zNcbiNP0vdpnl6 DgehGTXRNtD27pA2Y0gx9/AOQIiGGZ2RAmG94iJXn/iEecHQqunqpg== =Tz+8 -----END PGP SIGNATURE-----
participants (4)
-
Adamsc@io-online.com -
Bruce M. -
ichudov@algebra.com -
The Deviant