port-mac68k: The ping from Hades?

Subject: The ping from Hades?
To: NetBSD Mailing List <port-mac68k@NetBSD.ORG>
From: The Great Mr. Kurtz [David A. Gatwood] <davagatw@Mars.utm.edU>
List: port-mac68k
Date: 12/07/1996 20:27:12
Something that concerned me slightly....  I caught this on one of the
security newsgroups.  Actually, I caught the URL for it on one of the
security newsgroups.  Basically, I was wondering if anybody had checked
the NetBSD-mac68k sources to see if they're vulnerable to this
denial-of-service attack.

> In a nutshell, it is possible to crash, reboot or otherwise kill a
> large number of systems by sending a ping of a certain
> size from a remote machine. This is a serious problem, mainly because
> this can be reproduced very easily, and from a
> remote machine. (During tests, my machine in London, England has been
> crashed from a machine in Berkely, California), and
> because the attacker needs to know nothing about the machine other
> than its IP address. Be afraid. Since I started this
> page on the 21st October, over 18 major operating systems have been
> found vulnerable.

<snip>
    
>  4.3. Operating systems which just possibly could be vulnerable
  
>  This is for systems where only one or two people have had trouble

> Operating system Version Symptoms Comment
<snip>
> NetBSD           x86,
<snip>

Basically, the problem occurs when large (illegally large, over 65535
bytes) IP datagrams are sent, and occurs due to the code that puts
the pieces of the packets back together, which do not have sufficient
bugger room.  Evidently, a couple versions of windows (NT and 95) allow
the packets to be 65527 bytes long, which really caused havoc.

The URL is...

http://www.accesscom.com/~tdj/ping

I doubt it affects NetBSD-mac68k, since FreeBSD is immune and evidently,
there was little sign of trouble with NetBSD-x86, but I thought I'd post
and ask if anybody had checked on this.

And so help me, if this whole thing is somebody's idea of a sick hoax, I'm
gonna be more than just a little bit annoyed.

Later,

David

 /---------------------------------------------------------------------\
|David A. Gatwood             And Richard Cory, one calm summer night,  |
|davagatw@mars              Went home and put a bullet through his head.|
|dgatwood@nyx.cs.du.edu              --Edwin Arlington Robinson         |
|http://mars.utm.edu/~davagatw -or- http://nox.cs.du.edu:8001/~dgatwood |
 \---------------------------------------------------------------------/