Lots of mail this morning concerning this issue. I'll summarize. Window for Workgroups 3.11 IS vulnerable. Windows 95 without Winsock2 and the VIP update IS vulnerable. Windows 95 with Winwosk 2 and the VIP update is NOT vulnerable. NT 4.0 with no Service Packs and Hot-Fixes IS vulnerable. NT 4.0 with Service Pack 3 goes to 100% CPU for about a minute and then goes back to normal. NT 4.0 with Service Pack 3 with all the hot-fixes (simpletcp+icmp) is NOT vulnerable. NeXTSTEP 3.0 IS reported as vulnerable. FreeBSD 2.2.5 IS reported as vulnerable. Linux 2.0.32 is NOT vulnerable. If any of you find that this information is incorrect please let me know. In particular I would like people to double check FreeBSD, and test NetBSD, BSDI, and OpenBSDI. Also, please, when you are reporting an affected OS include that exact version, patch level, serive packs, and hot-fixes installed. It is of no use is you simple state "it crashed NT". As John W. Temples <johnat_private> pointed out this attack is rendered ineffective by filtering packets from the Internet through your gateway router which have source addresses on the network. Aleph One / aleph1at_private http://underground.org/ KeyID 1024/948FD6B5 Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:32:17 PDT