Bugtraq mailing list archives
IP DOS attacks -- Win95 and WinNT
From: paulle () MICROSOFT COM (Paul Leach)
Date: Tue, 18 Nov 1997 14:48:02 -0800
I mentioned recently that for Windows NT the reported denial of service attack (in code labelled "teardrop.c") was fixed last July. We have verified that it was also fixed for Win95 -- here is the URL for the KB article ( Q154174 ) that has links to get fixes for both platforms: http://premium.microsoft.com/support/kb/articles/q154/1/74.asp If you're going to apply that patch, I'd also recommend looking at KB Q168747: http://premium.microsoft.com/support/kb/articles/q168/7/47.asp which has links to fixes for both platforms for an OOB attack. (Despite the URL prefix, I'm told that these are freely available even if you haven't paid for premium suuport. There's no way I can verify that for sure, however. I was able to access them without any problem -- but what does that prove? :-) I'd suggest applying both to any Windows 95 or Windows NT machine attached to an IP network from which such attacks might originate. In the future when reporting IP attacks, it would be quite useful to mention that they work even when these fixes are applied -- otherwise we'll reply asking if they have been, and suggesting that they be applied if not. I.e, if you've really found a new problem, it will reduce the time to fix it if you tell us up front you're reporting an exploit that works even with the latest fixes.
Current thread:
- What were the opcodes to hang a Pentium again? (fwd), (continued)
- What were the opcodes to hang a Pentium again? (fwd) Darren Reed (Nov 11)
- Re: Microsoft Office security bug Aleph One (Nov 11)
- Vunerability in Lizards game SUID (Nov 11)
- Re: Vunerability in Lizards game Alex Murray (Nov 12)
- Re: Vunerability in Lizards game Olaf Titz (Nov 13)
- Re: Vunerability in Lizards game Kragen \ (Nov 13)
- Re: Vunerability in Lizards game Neil Levine (Nov 17)
- Re: Vunerability in Lizards game Joe Zbiciak (Nov 18)
- Re: Vunerability in Lizards game Zoltan Hidvegi (Nov 18)
- Major Security Flaw in Cybercash 2.1.2 Kerri Kraft (Nov 19)
- IP DOS attacks -- Win95 and WinNT Paul Leach (Nov 18)
- Updating microcode on the fly Superuser (Nov 12)
- Re: Updating microcode on the fly Jyri Kaljundi (Nov 12)
- solaris 251 & syslogd Michael Helm (Nov 12)
- Re: solaris 251 & syslogd Richard Peters (Nov 12)
- Re: solaris 251 & syslogd Dave Kinchlea (Nov 12)
- CERT Advisory CA-97.25 - REVISED- Code Correction Aleph One (Nov 12)
- Bug In Security Dynamics' FTP server (Version 2.2) sp00n (Nov 12)
- Intel Pentium Bug: BSDI Releases a patch Joe Ilacqua (Nov 11)
- Re: Intel Pentium Bug Kragen \ (Nov 10)