Re: [NTSEC] CPU 100% Update (fwd)

[ahuger () SECNET COM (Alfred Huger)]

On Tue, 28 Jan 1997, Aleph One wrote:
> Finally, on the issue of NT DNS. There was a security advisory sent out
> by Secure Computing indicating that NT DNS could be exploited by sending

The advisory was released by Secure Networks Inc. *Not* Secure Computing.

> results were that between DNS.EXE and SERVICES.EXE the CPU utilization
> was pegged at 100%.

The issue we released an advisory on was the NT DNS server choking and
dying when it recieved a response for a query it never issued. The patch
provided does not work.

> these problems, but I should warn you that this is not a supported fix

Yep, it is in fact an usupported patch.

> Given that DNS is one of the things that must be left open, the fact
> that it resolves the CPU 100% utilization problem from Telnet
> connections makes it a good fix in my book. I leave it to you to decide
> if you want to apply it or not. As yet, I have not seen a version for
> Alphas.

While the patch does not work for what *we* reported, it did seem to fix
the 100% CPU usage problem. Cold comfort considering anyone, anywhere on
the Internet can easilly *remove* your DNS server.


/*************************************************************************
Alfred Huger                                            Phone: 403.262.9211
Secure Networks Inc.                                    Fax: 403.262.9221
"Sit down before facts as a little child , be prepared to give up every
preconcieved notion, follow humbly wherever and whatever abysses nature
leads, or you will learn nothing" - Thomas H. Huxley
**************************************************************************/