
NULL mag Issue 06 03 zmodem DOS

Published in null magazine · 26 Dec 2020

as shown in previous issues, the ghost of the past haunts us even
today, cause we never learn! and not just that, but we repeat the
same mistakes even worse... did i scare you enough? mouhahahaha...

so what's this all about? it's about making an "attack" on networks
with a simple string. for those who don't know, when you are making a
download from a bbs with zmodem or another protocol, the server/bbs
sends a small string to your client program, so it understands that
"hey... dude we are making a download now. get the file". the same
thing applies for uploading.

so the server sends this string, the client reads it and starts/waits
for the download process. the string is like this: **B01000000000000
it has some lower ascii values also, but you can't see them as
readable text.

now's the tricky part... if i go to a network and post this string,
exactly as it should be, every user/member of the network that is
going to read it, will have a surprise! his client will see the string
and think that it's getting a file, so it will initiate the download
process and wait for a file. this means that you are going to watch
the downloading screen for several minutes! every time you browse
through that msg you will get stuck waiting for a file that will
never come! so this is a zmodem attack.

the solution to this is not very easy, especially today, cause we have
forgotten the past! the solution is to disable automatic zmodem
downloading. remember this function? back in the 80s-90s all terminal
programs had a switch to turn on/off the automatic downloading. if
you had turned it off, when you wanted to get a file, you waited to
see the string above and then pressed a key combination like PGDN to
get the file. if you didn't press the key combo, nothing happened. in
this way you could avoid this kind of attack. but today you almost
can't, cause almost no clients have an auto-downloading on/off
switch. all client programs make zmodem downloads automatically
and you can't deactivate this.

the thing is that because the 'attackers' also forgot this kind of
attack, there is no problem/trouble in the networks. but if someone
did... what could you do then? that's how forgetting the past bites
you in the butt... the attack is still possible. all it takes is to
find the "right" way to upload the string in a msg network.
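
a message-side filter for the case described above, as an added example (not code from the article or from any bbs package): it finds zmodem hex header lead-ins in a message body and strips the invisible control byte before the text reaches a terminal. the byte values come from the zmodem spec; the function names and the sample message are made up here.

```python
import re

# zmodem framing bytes (from the protocol spec, not from the article)
ZDLE = b"\x18"  # control byte, the part you can't see on screen

# hex header lead-in: one or more '*' (ZPAD), ZDLE, 'B' (ZHEX), then up
# to 14 hex digits (2 frame type + 8 data + 4 crc). partial headers are
# matched too, as a conservative choice.
HEADER = re.compile(rb"\*+\x18B([0-9A-Fa-f]{0,14})")

# constructed sample message, not a real capture
SAMPLE = b"hello all,\r\nlook at this: **\x18B01000000000000\r\nbye\r\n"


def find_headers(body: bytes):
    """return (offset, hex_digits) for each header lead-in in body."""
    return [(m.start(), m.group(1).decode("ascii"))
            for m in HEADER.finditer(body)]


def neutralize(body: bytes) -> bytes:
    """drop ZDLE from each lead-in: the text stays readable, but it no
    longer matches the byte sequence defined by the protocol."""
    return HEADER.sub(lambda m: m.group(0).replace(ZDLE, b""), body)


if __name__ == "__main__":
    for offset, digits in find_headers(SAMPLE):
        print(f"zmodem hex header at byte {offset}: {digits!r}")
    print(neutralize(SAMPLE).decode("ascii"))
```

the same string typed as plain text, without the control byte, is not matched, so people can still quote it in a discussion.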

