Firewall Wizards mailing list archives

Re: ZDNet Article: "Major Unix flaw emerges"


From: David LeBlanc <dleblanc () mindspring com>
Date: Tue, 02 Mar 1999 11:54:13 -0500

At 07:16 PM 3/1/99 -0500, David C Niemi wrote:

I'm interested in collecting feedback to this article off-line, from those
who have some knowledge about the vulnerability of UNIX-based firewalls and
servers to denial of service by filling up the process table via null
connections.  I'm also curious whether this vulnerability applies to NT as
well, and if not why not.  The article is at:

http://www.zdnet.com/zdnn/stories/news/0,4586,2217922,00.html

The answer is yes and no.  In the general case, we're looking at a resource
starvation attack, and NT isn't any more or less susceptible to that type
of attack than any other OS.

However, NT daemons (services) typically use threads rather than
heavyweight processes, and the number of running threads is limited by
available RAM, not the size of some table.  It is also typical for an NT
daemon to use a pool of threads to handle incoming requests (e.g., IIS), so
an attack would most likely cause a DoS to a single service, and not nuke
the entire machine.  I do know of exceptions to this.  I've also noticed NT
tending to get annoyed when you have very large numbers of sockets open
(10-20,000), but that isn't a very practical remote attack most of the time.


David LeBlanc
dleblanc () mindspring com


