Bugtraq mailing list archives
Re: IP DOS attacks -- Win95 and WinNT
From: paulle () MICROSOFT COM (Paul Leach)
Date: Wed, 19 Nov 1997 14:17:09 -0800
Don't follow my instructions. It appears that the current VIPUPD assumes WS2, and at least on some systems, will hose TCP if applied with the VTCPUPD (the OOB fix). Other people report running both OK. We don't know why. (We believe the earlier version if VIPUPD did work properly with VTCPUPD). We're working on it furiously. I'm really sorry for the bad advice.
---------- From: Paul Leach Reply To: Paul Leach Sent: Tuesday, November 18, 1997 2:48 PM To: BUGTRAQ () NETSPACE ORG Subject: IP DOS attacks -- Win95 and WinNT I mentioned recently that for Windows NT the reported denial of service attack (in code labelled "teardrop.c") was fixed last July. We have verified that it was also fixed for Win95 -- here is the URL for the KB article ( Q154174 ) that has links to get fixes for both platforms: http://premium.microsoft.com/support/kb/articles/q154/1/74.asp If you're going to apply that patch, I'd also recommend looking at KB Q168747: http://premium.microsoft.com/support/kb/articles/q168/7/47.asp which has links to fixes for both platforms for an OOB attack. (Despite the URL prefix, I'm told that these are freely available even if you haven't paid for premium suuport. There's no way I can verify that for sure, however. I was able to access them without any problem -- but what does that prove? :-) I'd suggest applying both to any Windows 95 or Windows NT machine attached to an IP network from which such attacks might originate. In the future when reporting IP attacks, it would be quite useful to mention that they work even when these fixes are applied -- otherwise we'll reply asking if they have been, and suggesting that they be applied if not. I.e, if you've really found a new problem, it will reduce the time to fix it if you tell us up front you're reporting an exploit that works even with the latest fixes.
Current thread:
- Re: IP DOS attacks -- Win95 and WinNT Paul Leach (Nov 19)