Bugtraq mailing list archives
Re: UDP DoS attack in Win2k via IKE
From: Marcelo Bartsch <mbartsch () NETGLOBALIS NET>
Date: 12 Dec 2001 09:59:57 -0300
On Fri, 2001-12-07 at 14:37, c0redump wrote: has anyone test this against Windows XP Professional? or Windows 2000 with PGPNet? i had tested windows XP Professional using nc on a linux machine, doing cat /dev/zero |nc -u target 500 and while : ; do cat /boot/vmlinuz ; done | nc -u target 500 both result on 60 to 90 % cpu usage, but machine keeps responding. same test against a windows 2000 professional with PGPNet instaled gave the same result, 100% CPU Usage. Linux with IPSec Support and ipsec enabled gave high cpu usage too. but nothing with can render the machine unusable.
UDP DoS in Win2k via IKE PROBLEM ======= A DoS attack can be carried out on Win2k machines running IKE (internet key exchange) by sending flooding IKE with UDP packets. This can cause the machine to lock up and render 99% of the CPU. EXPLOIT ====== Connect to port 500 (IKE) of the Win2k box and start sending UDP packets of more than 800 bytes continuously. The box will eventually stop responding and services will be denied due to 99% CPU usage from the packets. SOLUTION ======= Firewall port 500 off if IPSsec is not in use. c0redump () ackers org uk gridrun () spacebitch com #hacktech @ undernet
-- Marcelo Bartsch mbartsch () netglobalis net # # Failure is not an option. It comes bundled with your Microsoft product. # Fallar no es una opcion. Viene incluido con tu producto Microsoft. # -- Ferenc Mantfeld
Attachment:
_bin
Description:
Current thread:
- UDP DoS attack in Win2k via IKE c0redump (Dec 07)
- Re: UDP DoS attack in Win2k via IKE Darren Reed (Dec 08)
- Re: UDP DoS attack in Win2k via IKE Marcelo Bartsch (Dec 12)
- Re: UDP DoS attack in Win2k via IKE Emre Yildirim (Dec 12)
- <Possible follow-ups>
- UDP DoS attack in Win2k via IKE c0redump (Dec 11)