[ISN] Old-School DoS Attack Can Penetrate XP SP2

From: InfoSec News (isn@private)
Date: Wed Mar 09 2005 - 04:03:19 PST


Forwarded from: Kelley <securitylists@private>

http://www.eweek.com/article2/0,1759,1773958,00.asp

By Ryan Naraine
March 8, 2005 

Microsoft Corp.'s newest operating systems can be penetrated by an
old-school-type denial-of-service attack, according to a warning from
a security researcher.

In a SecurityFocus advisory, researcher Dejan Levaja warned that
Windows Server 2003 and XP Service Pack 2 (with Windows Firewall
turned off) could be vulnerable to LAND attacks.

A LAND attack is a remote denial-of-service condition caused by
sending a packet to a machine with the source host/port the same as
the destination host/port. The LAND attack scenario was discussed in
1997 by Carnegie Mellon's CERT Coordination Center.

Using widely available reverse-engineering tools, Levaja found that a
single LAND packet sent to a file server could cause Windows Explorer
to freeze on all workstations connected to that server. "CPU on server
goes 100% [and] network monitor on the victim server sometimes can not
even sniff malicious packet," Levaja warned.

He said the script could be replayed endlessly to cause a total
collapse of the network.

A spokeswoman for Microsoft confirmed Levaja's findings but downplayed
the risk to customers.

"Our initial investigation has revealed that this reported
vulnerability cannot be used by an attacker to run malicious software
on a computer. At this point, our analysis indicates the impact of a
successful attack would be to cause the computer to perform sluggishly
for a short period of time," the spokeswoman said in a statement sent
to eWEEK.com.

She said customers running the Windows Firewall, enabled by default on
Windows XP SP2, are not impacted by this issue. Microsoft suggests
that customers adopt TCP/IP hardening practices to protect against
denial-of-service attacks.

In the absence of a patch from Microsoft, security research outfit
Secunia recommends that affected users filter traffic with the same IP
address as source and destination address.



http://www.inkworkswell.com

"Be a scribe! Your body will be sleek, your hand
will be soft. You are one who sits grandly in your
house; your servants answer speedily; beer is poured
copiously; all who see you rejoice in good cheer.
Happy is the heart of him who writes; he is young
each day."

                  --Ptahhotep, Vizier to Isesi,
                    Fifth Egyptian Dynasty, 2300 BC                  
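
Added example, not part of the eWEEK article or the advisory: a Python check that applies the filter Secunia recommends above (same IP address as source and destination) to raw IPv4 packets, and additionally flags the matching-port case from the LAND definition. The function names, verdict strings and 192.0.2.x sample packets are constructed for illustration, and the packets are assumed to come from a non-loopback interface.

```python
import ipaddress
import struct

def classify(packet: bytes) -> str:
    """Return 'land', 'same-address', 'ok' or 'unparsed' for a raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "unparsed"
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return "unparsed"
    src, dst = packet[12:16], packet[16:20]
    if src != dst:
        return "ok"
    # From here on the recommended filter (source IP == destination IP) matches.
    proto = packet[9]
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    # Ports exist only in the first fragment; TCP (6) and UDP (17) share the layout.
    if proto in (6, 17) and frag_offset == 0 and len(packet) >= ihl + 4:
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
        if sport == dport:
            return "land"                  # host and port both mirrored
    return "same-address"                  # still dropped by the filter

def should_drop(packet: bytes) -> bool:
    """Filter decision: drop anything whose source and destination IP match."""
    return classify(packet) in ("land", "same-address")

def sample_packet(src: str, dst: str, sport: int, dport: int) -> bytes:
    """Constructed IPv4+TCP headers (checksums zeroed), used only as parser input."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
    return ip + tcp

# Constructed samples: (label, packet)
SAMPLES = [
    ("mirrored host and port", sample_packet("192.0.2.10", "192.0.2.10", 139, 139)),
    ("mirrored host only", sample_packet("192.0.2.10", "192.0.2.10", 40000, 139)),
    ("ordinary client", sample_packet("192.0.2.7", "192.0.2.10", 40000, 139)),
]

if __name__ == "__main__":
    for label, pkt in SAMPLES:
        print(f"{label:24} {classify(pkt):13} drop={should_drop(pkt)}")
```

Traffic on the loopback interface legitimately has identical source and destination addresses, so the check belongs on packets arriving from the network.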




