An Experiment With DOS (Denial of Service)

 

There are many singleton classes in my project. Within a process we can control the number of objects using static functions and static variables. I was thinking about how we could manage the number of instances of our programs, like Babylon, Outlook etc…

Finally I got the solution: create a system-wide named object, i.e. a semaphore or mutex (kernel objects are system-wide). Most single-instance applications use a mutex (binary semaphore) to enforce the single instance.

The common programming tip is:

1. On initialization, check whether the semaphore exists.
2. If it exists, exit the application.
3. Otherwise, create the semaphore and launch the application.

An attacker can take advantage of this architecture to cause a DOS (Denial of Service), i.e. a privileged attacker can create a semaphore with the same name on the system, and when we open the specific application, it will see the mutex and immediately exit, so we can't use the service of that application. A normal computer user is not concerned with these mutexes and internal activities. What he ultimately needs is the service from the application. Unfortunately, we cannot stop other privileged applications from creating the mutex and other kernel objects.

I ran an experiment with DOS against Outlook and Babylon.
Outlook creates a mutex named “_outlook_mutex_” and Babylon creates one named “_BabylonSingleAppMutex”.

Using my application, I first tried with Babylon. I created a mutex with the following code.

m_hMutex = CreateMutex(NULL, TRUE, "_BabylonSingleAppMutex");

It went as I expected. When I launched Babylon it suddenly exited. It didn’t show anything.
The case with Outlook was different. For the trial, I created a mutex with the following code.

m_hMutex = CreateMutex(NULL, TRUE, "_outlook_mutex_");

Then I opened Outlook. When I opened Task Manager, I could see the process “outlook.exe” residing in memory. After waiting for some time, I deleted the semaphore by giving its handle. Suddenly Outlook popped up and started functioning… When I repeated this, the result was the same for Outlook and Babylon. Outlook is designed in a well-defined manner, in that it has some handshaking communication with the semaphore it is creating…

Anyway my experiment with DOS was a successful one.
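A startup check that avoids the silent exit seen with Babylon, as an added example that is not from the original post or from either product: it treats "name already taken" as a hint, probes for a live first instance, and otherwise warns and waits. The mutex name `Local\ExampleAppSingleInstance`, the window class `ExampleAppMainWindow` and the function names are assumptions; the Win32 calls compile only on Windows, and elsewhere the probe reports a free name.

```c
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#endif

typedef enum { RUN_AS_PRIMARY, ACTIVATE_PEER, WARN_AND_WAIT } startup_action;

/* Policy only, no OS calls, so it can be tested on any platform.
   name_taken: the mutex name already existed or could not be opened.
   peer_alive: a real first instance answered the liveness probe. */
startup_action decide_startup(int name_taken, int peer_alive)
{
    if (!name_taken) return RUN_AS_PRIMARY;  /* first instance */
    if (peer_alive)  return ACTIVATE_PEER;   /* genuine second launch */
    return WARN_AND_WAIT;                    /* name held, nobody answers */
}

/* Fills the two inputs above. Object and window-class names are hypothetical. */
static void probe(int *name_taken, int *peer_alive)
{
    *name_taken = 0;
    *peer_alive = 0;
#ifdef _WIN32
    /* "Local\" keeps the name inside the current logon session. */
    HANDLE h = CreateMutexA(NULL, FALSE, "Local\\ExampleAppSingleInstance");
    DWORD err = GetLastError();   /* read immediately after the call */
    /* h == NULL covers ERROR_ACCESS_DENIED: the name exists but its ACL shuts us out. */
    *name_taken = (h == NULL) || (err == ERROR_ALREADY_EXISTS);
    if (*name_taken) {
        HWND w = FindWindowA("ExampleAppMainWindow", NULL);
        DWORD_PTR reply = 0;
        *peer_alive = w != NULL &&
            SendMessageTimeoutA(w, WM_NULL, 0, 0, SMTO_ABORTIFHUNG, 2000, &reply) != 0;
    }
    /* h stays open on purpose: the primary instance holds it for its lifetime. */
#endif
}

int main(void)
{
    int taken, alive;
    probe(&taken, &alive);
    switch (decide_startup(taken, alive)) {
    case RUN_AS_PRIMARY: puts("starting as the primary instance"); break;
    case ACTIVATE_PEER:  puts("another instance is running; bringing it to the front"); break;
    case WARN_AND_WAIT:  puts("instance lock is held but no instance responds; "
                              "telling the user and retrying instead of exiting silently"); break;
    }
    return 0;
}
```

The liveness probe only distinguishes a genuine running instance from a bare name holder; a process that also registers the same window class would still pass it.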

 
  • Jan-Henner Wurmbach

    Sure, a privileged attacker could create a semaphore to deny us the service of our application.
    But, being privileged, he could infinitely more easily deny us execution rights of the application.
    The effect for us mundane users is the same.

    I don't see your point. A privileged attacker on your machine can only mean “Repent! The end is nigh!” anyway.

  • http://sarathc.wordpress.com/ S a r a t h

    There are many ways to deny the services to an application. This is one among them.