Copy Link
Add to Bookmark
Report

NULL mag Issue 06 03 zmodem DOS

eZine's profile picture
Published in 
null magazine
 · 3 years ago

  




as shown in previous issues, the ghost of the past hunts us even
today, cause we never learn! and not just that, but we repeat the
same mistakes even worse... did i scare you enough? mouhahahaha...

so what's this all about? its about making an "attack" on networks
with a simple string. for those who don't know, when you are making a
download from a bbs with zmodem or other protocol the server/bbs
sends a small string to your client program, to understand that
"hey... dude we are making a download now. get the file". the same
thing applies for uploading.

so the server sends this string, the client reads it and starts/waits
the download process. the string is like this: **B01000000000000
it has some lower ascii values also, but you can't see it as readable
text.

now's the tricky part... if i go to a network and post this string,
exactly as it should be, every user/member of the network that is
going to read it, will have a suprise! his client will see the string
and think that its getting a file, so it will initiate the download
process and wait for a file. this means that you are going to watch
the downloading screen for several minutes! every time you will
browse through that msg you will get stack on waiting for a file,
that will never come! so this is a zmodem attack.

the solution to this is not very easy, specially today, cause we have
forgot the past! the solution is to disable automatic zmodem
downloading. remember this function? back in the 80s-90s all terminal
programs had a switch to turn on/off the automatic downloading. if
you had turned it off, when you wanted to get a file, you waited to
see the string above and then press a key combination like PGDN to
get the file. if you didn't press the key combo, nothing happened. in
this way you could avoid this kind of attack. but today you almost
can't, cause almost all clients have not an auto-downloading on/off
switch. all client programs are making automatically zmodem downloads
and you can't deactivate this.

the thing is that because also the 'attackers' forgot this kind of
attack, there is no problem/troubles in the networks. but if someone
did... what could you do then? that's how forgetting the past, bites
you in the butt... the attack still is possible. all it gets is to
find the "right" way to upload the string in a msg network.


← previous
next →
loading
sending ...
New to Neperos ? Sign Up for free
download Neperos App from Google Play
install Neperos as PWA

Let's discover also

Recent Articles

Recent Comments

Neperos cookies
This website uses cookies to store your preferences and improve the service. Cookies authorization will allow me and / or my partners to process personal data such as browsing behaviour.

By pressing OK you agree to the Terms of Service and acknowledge the Privacy Policy

By pressing REJECT you will be able to continue to use Neperos (like read articles or write comments) but some important cookies will not be set. This may affect certain features and functions of the platform.
OK
REJECT