Alert: Chargen Flooding fix now available

[aleph1 () DFW NET (Aleph One)]

---------- Forwarded message ----------
Date: Wed, 23 Jul 1997 17:09:50 -0400
From: Russ <Russ.Cooper () RC ON CA>
To: NTBUGTRAQ () RC ON CA
Subject: Alert: Chargen Flooding fix now available

Thanks to Marc Bejarano for bringing this to our attention.

Excerpt from KB Article Q154460:
A malicious attack may be mounted against Windows NT computers with the
Simple TCP/IP Services installed. The attack consists of a flood of UDP
datagrams sent to the subnet broadcast address with the destination port
set to 19 and a spoofed source IP address. The Windows NT computers
running Simple TCP/IP services respond to each broadcast, creating a
flood of UDP datagrams.

The fix, and the full KB article can be found at;

ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/hotfixe
s-postSP3/simptcp-fix

Cheers,
Russ
R.C. Consulting, Inc. - NT/Internet Security
owner of the NTBugTraq mailing list:
http://ntbugtraq.rc.on.ca/index.html