We developed a code baseline to test the UPnP DoS. The DoS consists of sending a UDP packet to port 1900 with a NOTIFY request. This request contains a URL that XP uses to open a TCP connection. XP does not sanitize this request, so any URL and port can be specified. Once the TCP connection is opened, chargen code fills the XP memory and the machine enters an unstable state with 100% CPU utilization.

Gabriel Maggiotti, Fernando Oubiña

<<chargen.c>> <<upnp_udp.c>>
Attachment: chargen.c
Attachment: upnp_udp.c
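
One way a receiver or network monitor could validate the URL in a NOTIFY request before acting on it, as an added example that is not part of the original post or its attachments. It assumes the URL travels in the standard SSDP LOCATION header; the policy (URL host must equal the datagram's source address, no small-service ports) and the sample datagrams are constructed for illustration.

```python
# Added example: defensive check of SSDP NOTIFY datagrams seen on UDP/1900.
from urllib.parse import urlsplit

# Assumed policy: legacy "small services" ports a description URL should never use.
SMALL_SERVICE_PORTS = {7, 9, 13, 17, 19}  # echo, discard, daytime, qotd, chargen

def parse_notify(payload: bytes):
    """Return the header dict of an SSDP NOTIFY, or None if it is not one."""
    lines = payload.decode("latin-1").split("\r\n")
    if not lines[0].upper().startswith("NOTIFY "):
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().upper()] = value.strip()
    return headers

def check_notify(src_ip: str, payload: bytes):
    """Return a list of findings for one datagram (empty list = nothing flagged)."""
    headers = parse_notify(payload)
    if headers is None or "LOCATION" not in headers:
        return []
    try:
        url = urlsplit(headers["LOCATION"])
        host, port = url.hostname, url.port  # .port raises on a malformed port
    except ValueError:
        return ["unparseable LOCATION"]
    if url.scheme.lower() != "http" or host is None:
        return ["LOCATION is not an http URL"]
    port = 80 if port is None else port
    findings = []
    # A hostname instead of an IP literal is also flagged here, by design.
    if host != src_ip:
        findings.append(f"LOCATION host {host} differs from sender {src_ip}")
    if port in SMALL_SERVICE_PORTS:
        findings.append(f"LOCATION port {port} is a small-service port")
    return findings

# Constructed sample datagrams (documentation addresses, not captured traffic).
BENIGN = (b"NOTIFY * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
          b"NTS: ssdp:alive\r\nLOCATION: http://192.0.2.10:5000/desc.xml\r\n\r\n")
SUSPECT = (b"NOTIFY * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
           b"NTS: ssdp:alive\r\nLOCATION: http://198.51.100.7:19/\r\n\r\n")
```
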