Bugtraq mailing list archives

Re: IGMP fragmentation bug in Windows 98/2000
From: jpeg () MAILEXCITE COM (Steve)
Date: Fri, 9 Jul 1999 06:03:59 -0000

Hello all,

I've compiled this and the other two exploits and tested against two Win98 (original, not SE) machines and they remained perfectly up and active. I then ran Conseal PC Firewall ver. 1.35 on one machine and it didn't even pick up any incoming packets.

No, I'm not behind any firewalls (besides the one I put up myself to see if anything is even going on).

Has anyone actually been affected by this "DoS", or been able to reproduce this bug on their system(s)?


Windows 98's TCP/IP stack chokes on fragmented IGMP packets. There is an exploit out there called "fawx" that supposedly exploits this problem, but I haven't had any success crashing Windows with it. Recently I was given source to a program that reliably crashed Win98/98SE/2000 build 2000 and challenged my friend defile to see who could write a version of it utilizing handcrafted igmp/ip headers for source spoofing support. Here is the resulting code that works against most systems with one or two tries.

-----------code snipped-----------------------
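Since the thread turns on whether fragmented IGMP datagrams are even reaching the host, a defender checking a capture would want to spot them. The following is an added example, not code from the original post or from either exploit: it decodes the fixed IPv4 header, flags any datagram that is IGMP (protocol 2) and carries a More Fragments flag or a non-zero fragment offset, and runs that check over a few constructed sample packets (addresses, IDs and payloads are made up; checksums are left zero).

```python
import struct

IGMP_PROTOCOL = 2  # IANA protocol number for IGMP


def parse_ipv4_header(pkt: bytes) -> dict:
    """Decode the fixed 20-byte IPv4 header and return the fields that matter for fragmentation."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, ident, flags_off,
     _ttl, proto, _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    return {
        "ihl": (ver_ihl & 0x0F) * 4,            # header length in bytes
        "total_len": total_len,
        "id": ident,                              # shared by all fragments of one datagram
        "mf": bool(flags_off & 0x2000),          # More Fragments flag
        "frag_offset": (flags_off & 0x1FFF) * 8,  # offset is stored in 8-byte units
        "proto": proto,
        "src": ".".join(str(b) for b in src),
        "dst": ".".join(str(b) for b in dst),
    }


def is_fragmented_igmp(pkt: bytes) -> bool:
    """True when the datagram is IGMP and is one piece of a fragment train."""
    h = parse_ipv4_header(pkt)
    return h["proto"] == IGMP_PROTOCOL and (h["mf"] or h["frag_offset"] > 0)


def flag_suspicious(packets) -> list:
    """Indices of packets a detector should alert on (fragmented IGMP)."""
    return [i for i, p in enumerate(packets) if is_fragmented_igmp(p)]


def build_ipv4(proto, ident, mf, offset_bytes, payload,
               src=b"\x0a\x00\x00\x01", dst=b"\x0a\x00\x00\x02") -> bytes:
    """Constructed test input only: builds a minimal IPv4 header around a payload."""
    flags_off = (0x2000 if mf else 0) | (offset_bytes // 8)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                      flags_off, 64, proto, 0, src, dst)
    return hdr + payload


# Constructed samples: one whole IGMP query, a two-fragment IGMP datagram, a fragmented TCP segment.
SAMPLES = [
    build_ipv4(2, 1, False, 0, b"\x11\x00\x00\x00\xe0\x00\x00\x01"),  # benign, unfragmented
    build_ipv4(2, 7, True, 0, b"A" * 8),    # first fragment of IGMP id 7
    build_ipv4(2, 7, False, 8, b"B" * 8),   # last fragment of IGMP id 7
    build_ipv4(6, 9, True, 0, b"C" * 8),    # fragmented TCP, not IGMP
]
```

Only the two pieces of datagram id 7 are flagged; the whole query and the fragmented TCP segment are not.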
