Re: Windows 95/NT DoS

[wiseleo () JUNO COM (Leonid S Knyshov)]

On Fri, 9 May 1997 22:11:55 -0400 myst <myst () LIGHT-HOUSE NET> writes:
> Hello,
>
>        It is possible to remotely cause denial of service to any
> windows
> 95/NT user.  It is done by sending OOB [Out Of Band] data to an
> established connection you have with a windows user.  NetBIOS [139]
> seems
> to be the most effective since this is a part of windows.  Apparently
> windows doesn't know how to handle OOB, so it panics and crazy things
> happen.  I have heard reports of everything from windows dropping
> carrier
> to the entire screen turning white.  Windows also sometimes has
> trouble
> handling anything on a network at all after an attack like this.  A
> reboot fixes whatever damage this causes.  Code follows.
>
>
> _eci
[code deleted]

Eci: thanks for bringing this up, I've noticed such messages in my system
logs while I am on IRC now its not puzzling anymore.

I have a couple of questions though :)

First of all, did anyone check if this behavior continues after you
update your Dial-Up networking to MS-ISDN Accelerator pack?

> From what I've heard Trumpet Software's TCP/IP stack is not vulnerable
and so is Chameleon,could someone verify that?

Has anyone reported this to Microsoft yet? I see potential damage to
thousands of people who use IRC and windows clients for example.

That's all for now :)

***
Leonid Knyshov AKA Wise_One <wiseleo () juno com>
http://kiassociates.com/computerhelp
http://kiassociates.com/computerhelp/personal
For file attachments please use wiseleo () hotmail com and send a note about
it here :)