Bugtraq mailing list archives
Re: Microsoft Security Bulletin (MS00-054)
From: Jacek Lipkowski <sq5bpf () ROCK ANDRA COM PL>
Date: Mon, 14 Aug 2000 18:31:30 +0200
regarding the "Malformed IPX Ping Packet" Vulnerability:

- it would be nice if Microsoft provided some credit to the author (me ;), and a link to where the relevant information was posted, see: http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-06-01&msg=Pine.LNX.4.10.10006021758390.16250-200000 () rock andra com pl or search for the subject 'ipx storm' on bugtraq

- it should also be noted, that other ipx stacks may be vulnerable, netware (3.x and 4.x tested) for example happily replies to these packets (and jumps to high cpu utilisation), as do probably other ipx-enabled devices (anybody have any print servers to test?), i've seen some windows nt servers respond to these packets (but not all - i can't reproduce this at work) as to why this is an issue, see the next point:

- in the faq that Microsoft provided, it is stated:

  How long would the broadcast storm last? It would be brief first of all, because the responses wouldn't trigger any additional responses, and second because each affected machine would fail after seeing its response.

it doesn't have to last for a short time, set the source address to a netware server (or any other machine that answers ipx pings, and won't hang when it gets them), and the destination to broadcast, send the packet, and now you have a relatively long lasting broadcast storm (several minutes). the windows machines won't die, because they don't have to respond to their own packets.

jacek