Dailydave mailing list archives

Re: SMBLoris


From: Oliver Friedrichs <oliverfriedrichs () gmail com>
Date: Tue, 08 Aug 2017 11:47:23 -0700

Sorry to see that things haven’t changed. 

 

While it’s certainly not as sexy as RCE, it’s damaging, can lead to data loss, and as you point out, an enterprise-wide 
outage.

 

Found the first one of these in NT in 1998 while reversing Microsoft’s DCE-RPC implementation which at the time was not 
yet documented: 

 

http://insecure.org/sploits/NT.smb.login.DOS.html

 

Oliver

 

From: Dailydave <dailydave-bounces () lists immunityinc com> on behalf of Dave Aitel <dave.aitel () gmail com>
Date: Tuesday, August 8, 2017 at 11:27 AM
To: "dailydave () lists immunityinc com" <dailydave () lists immunityinc com>
Subject: [Dailydave] SMBLoris

 

So I know it's Microsoft Tuesday, but we've been working on that SMBLoris bug a bit more for release to customers as 
well, and as part of that, we're spending a lot of time thinking about it, as deceptively simple as it is.

 

The thing I'm wondering is why people outside of FinancialSec think DoS is almost a non-issue. Most companies have 
only a few domain controllers, and when those go down, the company goes down. And they have to be reachable on these 
exact ports, from anywhere in the company, essentially. 

 

It seems like this is one of those things that got a tiny splash of attention, but could be worth more. :)

 

-dave

 

_______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com 
https://lists.immunityinc.com/mailman/listinfo/dailydave 
