undefined | Better HN

0 pointsrphlx6y ago0 comments

Though not as bad as Win9x it definitely had some frag-of-death/ping-of-death vulns around 1997/98. teardrop et al.

0 comments

Here's a golden oldie from 1996:

https://packetstormsecurity.com/files/15507/CA-96.26.ping.ht...

My favorite of that era was simply the working-as-designed simplicity of sneaking the Hayes modem hangup sequence into various protocols: actual Hayes modems used +++ with a time-delay to send commands such as ATH0 (hangup) but everyone else skipped that time-delay in an attempt to avoid the patent so you could disconnect any modem-connected system if you could figure out how to get it to echo "+++ATH0". Some IP stacks (e.g. Windows 95) would simply send the received ICMP payload as the response so a simple `ping -p …` would do it but people found ways to cause similar problems with sendmail, FTP, etc.

https://dl.packetstormsecurity.net/new-exploits/modem-DoS.tx...

jlgaddis6y ago

IRC was a fun venue for that one ~25 years ago.

Pop into some random channel, send "/ctcp #channel ping +++ATH0", and wait patiently... a moment or two later you would be rewarded with a flood of "signoff" messages as the users' TCP sessions to the IRC server timed out (by responding to the CTCP, they had, in effect, told their modems to hang up).

The goal, of course, was to get the highest "body count" possible from a single CTCP message.

Smurf attacks, the "ping of death", AOHell, the latest sendmail and wu-ftpd holes of the week, open proxies... the Internet was a very entertaining place for a bored teenager from the midwest back then.

Thanks for the flashback!

acdha6y ago

I was having a similar moment of nostalgia. Hard as it may be to believe some weeks, we have gotten a lot better at securing things.

hermitdev6y ago

Ah, yeah. Takes me back to my college years. I was a sophomore at the time and was running Win2k server release candidates. Had a new freshman brag about having WinME, which was on the 9x kernel. Went back to my room in the dorms amd alternately sent a ping of death. Ping of death would crash him, but a ping flood was a DoS. His computer would hang trying to handle all of the traffic. Rendered the network unusable on my end while I was doing it, but the PC was otherwise fine (i.e. I could play offline games). Proved my point, he was humbled and stopped bragging and I left him alone after my little demonstration.

spacemanmatt6y ago

landattack, ping of death, good times, horrible software

j / k navigate · click thread line to collapse

0 comments

acdha6y ago

Here's a golden oldie from 1996:

https://packetstormsecurity.com/files/15507/CA-96.26.ping.ht...

https://dl.packetstormsecurity.net/new-exploits/modem-DoS.tx...

jlgaddis6y ago

IRC was a fun venue for that one ~25 years ago.

The goal, of course, was to get the highest "body count" possible from a single CTCP message.

Thanks for the flashback!

acdha6y ago

I was having a similar moment of nostalgia. Hard as it may be to believe some weeks, we have gotten a lot better at securing things.

hermitdev6y ago

spacemanmatt6y ago

landattack, ping of death, good times, horrible software

j / k navigate · click thread line to collapse