On Thu, 16 Apr 1998, Gus Huber wrote:

Check out a program called 'fraggle' or consult my document at
http://www.quadrunner.com/~chuegen/smurf.txt

==>While reading threads on the list I'm cc'ing this message to, I thought of
==>a similar attack to smurf, that could be a problem based on SMURF attacks.
==>ICMP isn't the only service that can be potentially exploited via this bug,
==>UDP could be a huge player too. For example those of you familiar with
==>SMB might be able to deduce what I am getting at. Just a little test I
==>did today.
==>dialin:> nmblookup -B broadcast.mydomain.com \* <hidden to protect the
==>innocent>
==>
==>Well then I went to my packet logging facilities.
==>
==>Since the class C that I sent the broadcast was primarily Windows machines
==>I got approximately 200 replies to this one UDP packet. It seems to me
==>that this could be almost as big of a player as smurf if executed
==>tactfully. Some common UDP services can be fooled into sending back many
==>more packets than you send in, especially on Windows machines. I sent this
==>to this list in hopes it would be dealt with before widespread exploit of
==>it could take place.
==>
==> Gus Huber <gus@pbx.org>
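Added example, not part of the original message or of the linked document: a detection sketch for the pattern described in the quoted test, where one UDP packet sent to a subnet broadcast address draws replies from many hosts. The record layout, addresses, thresholds and function names are assumptions, and the sample packet log is constructed.

```python
import ipaddress

# Constructed sample records (not from the original post), one per packet:
# (time_s, proto, src, sport, dst, dport)
def make_sample():
    net = ipaddress.ip_network("192.0.2.0/24")   # documentation range
    claimed_src = "198.51.100.7"                 # address the replies go to
    # One query to the subnet broadcast address on UDP 137 (NetBIOS name service)
    recs = [(0.00, "udp", claimed_src, 40000, str(net.broadcast_address), 137)]
    # 200 hosts on the subnet answer that single packet
    for i, host in enumerate(list(net.hosts())[:200]):
        recs.append((0.01 + i * 0.001, "udp", str(host), 137, claimed_src, 40000))
    # Unrelated unicast exchange that must not be flagged
    recs.append((1.00, "udp", "198.51.100.9", 5000, "192.0.2.10", 53))
    recs.append((1.01, "udp", "192.0.2.10", 53, "198.51.100.9", 5000))
    return net, recs

def find_broadcast_amplification(records, net, window=2.0, min_responders=10):
    """Return (claimed_source, dport, trigger_time, responder_count) for each
    UDP packet to net's broadcast address that drew replies from at least
    min_responders distinct hosts inside net within `window` seconds."""
    bcast = str(net.broadcast_address)
    findings = []
    for t0, proto, src, sport, dst, dport in records:
        if proto != "udp" or dst != bcast:
            continue
        responders = set()
        for t, rproto, rsrc, rsport, rdst, rdport in records:
            # A reply mirrors the trigger's address/port pair and comes
            # from a host on the broadcast subnet shortly afterwards.
            if (rproto == "udp" and rdst == src and rdport == sport
                    and rsport == dport and t0 <= t <= t0 + window
                    and ipaddress.ip_address(rsrc) in net):
                responders.add(rsrc)
        if len(responders) >= min_responders:
            # src is only the *claimed* sender; the header can be forged,
            # so treat it as the address receiving the flood.
            findings.append((src, dport, t0, len(responders)))
    return findings

if __name__ == "__main__":
    net, recs = make_sample()
    for src, port, t0, n in find_broadcast_amplification(recs, net):
        print(f"t={t0}: 1 packet to {net.broadcast_address}:{port} "
              f"-> {n} responders replying to {src}")
```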