Re: IP DOS attacks -- Win95 and WinNT

[paulle () MICROSOFT COM (Paul Leach)]

Don't follow my instructions.

It appears that the current VIPUPD assumes WS2, and at least on some
systems, will hose TCP if applied with the VTCPUPD (the OOB fix). Other
people report running both OK. We don't know why.  (We believe the earlier
version if VIPUPD did work properly with VTCPUPD).

We're working on it furiously.

I'm really sorry for the bad advice.


> ----------
> From:         Paul Leach
> Reply To:     Paul Leach
> Sent:         Tuesday, November 18, 1997 2:48 PM
> To:   BUGTRAQ () NETSPACE ORG
> Subject:      IP DOS attacks -- Win95 and WinNT
>
> I mentioned recently that for Windows NT the reported denial of service
> attack (in code labelled "teardrop.c") was fixed last July.
> We have verified that it was also fixed for Win95 -- here is the URL for
> the
> KB article ( Q154174 ) that has links to get fixes for both platforms:
>         http://premium.microsoft.com/support/kb/articles/q154/1/74.asp
>
> If you're going to apply that patch, I'd also recommend looking at KB
> Q168747:
>         http://premium.microsoft.com/support/kb/articles/q168/7/47.asp
> which has links to fixes for both platforms for an OOB attack.
>
> (Despite the URL prefix, I'm told that these are freely available even if
> you haven't paid for premium suuport. There's no way I can verify that for
> sure, however. I was able to access them without any problem -- but what
> does that prove? :-)
>
> I'd suggest applying both to any Windows 95 or Windows NT machine attached
> to an IP network from which such attacks might originate.
>
> In the future when reporting IP attacks, it would be quite useful to
> mention
> that they work even when these fixes are applied -- otherwise we'll reply
> asking if they have been, and suggesting that they be applied if not.
>
> I.e, if you've really found a new problem, it will reduce the time to fix
> it
> if you tell us up front you're reporting an exploit that works even with
> the
> latest fixes.