I was at the CCC (28C3) congress in Berlin recently. Where the two researchers Alexander ‘alech’ Klink and Julian ‘zeri’ Wälde disclosed a DoS vulnerability affecting about all programming languages in the way they utilize hashtables. Funny thing is, most server technologies, PHP, ASP (.NET), Java variants, Pyhon (django) etc, all appear to be vulnerable to different variants of the attack. It consists of abusing the hashtable datastructure(s) in a way…
More+Back in good old 2008, a researcher at the security firm Outpost24 – Jack C. Louis; found a crucial DoS vulnerability in the fundaments of TCP/IP. In fact, it turned out to be so powerful, that all major operating systems appeared to be vulnerable.
We got a PoC…
More+I’m not sure if you’ve heard it or not, it’s actually “rather old” news now, but PHP 5.3.X suffers from a floating-point denial of service. If the PHP interpreter tries to parses a specific number, the fork/thread (?) simply hangs and starts consuming CPU resources…
More+Yeah, you know the deal. Another network-based attack! This time, a LAND-attack (Local Area Network Denial – attack). I know the first thing that comes to your mind is: “LAME. With a MITM (Man-in-the-Middle), you can at least steal data, with this you simply DoS someone…” Not so fast.
More+Here comes another example on how nokitel can be used for penetration testing. Ever heard about a CAM-Table-Overflow? Though so. It’s not a very common exploitation method. This is a short description quoted from hakipedia,com: “A switch’s CAM table contains network information such as MAC addresses available on physical switch ports and associated VLAN parameters. [...]“
More+