Re: "LAND" Attack Update

From: Ian C. Reandeau (Ianrat_private)
Date: Thu Nov 20 1997 - 14:58:54 PST

Next message: Daniel O'Callaghan: "Re: ipfw workaround for syn-loop attack, FreeBSD 2.2.5-STABLE"

Previous message: Aleph One: ""LAND" Attack Update"
Maybe in reply to: Aleph One: ""LAND" Attack Update"
Next in thread: Aleph One: "Re: "LAND" Attack Update"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

With some testing, it seems that the VTCPUPD update does seem to fix the problems
with 95 on port 139, on the other hand, if you have any other services running,
like FTP or HTTP, the machine can be crashed through those ports.

Aleph One wrote:

> This test where againts the "land" attack. This is _NOT_ about "teardrop".
>
> BSDI 2.1 (vanilla)                      IS  vulnerable
> BSDI 2.1 (K210-021,K210-022,K210-024)   NOT vulnerable
> BSDI 3.0                                NOT vulnerable
> Digital UNIX 4.0                        NOT vulnerable
> FreeBSD 2.2.2-RELEASE                   IS  vulnerable
> FreeBSD 2.2.5-RELEASE                   IS  vulnerable
> FreeBSD 2.2.5-STABLE                    IS  vulnerable
> FreeBSD 3.0-CURRENT                     IS  vulnerable
> HP-UX 10.20                             IS  vulnerable
> IRIX 6.2                                NOT vulnerable
> Linux 2.0.30                            NOT vulnerable
> Linux 2.0.32                            NOT vulnerable
> MacOS 8.0                               IS  vulnerable (TCP/IP stack crashed)
> NetBSD 1.2                              IS  vulnerable
> NeXTSTEP 3.0                            IS  vulnerable
> NeXTSTEp 3.1                            IS  vulnerable
> Novell 4.11                             NOT vulnerable
> OpenBSD 2.1                             IS  vulnerable
> OpenBSD 2.2 (Oct31)                     NOT vulnerable
> SCO OpenServer 5.0.4                    NOT vulnerable
> Solaris 2.5.1                           IS  vulnerable (conflicting reports)
> SunOS 4.1.4                             IS  vulnerable
> Windows 95 (vanilla)                    IS  vulnerable
> Windows 95 + Winsock 2 + VIPUPD.EXE     IS  vulnerable
>
> Some misc stuff:
>
> Ascend Pipeline 50 rev 5.0Ap13          NOT vulnerable
> NCD X Terminals, NCDWare v3.2.1         IS  vulnerable
> LaserJet Printer                        NOT vulnerable
>
> We got reports that applying the VTCPUPD update (originally the OOB attack
> update) when applied to Windows 95 running Winsock 2 fixes the problem.
> You may want to try it. You can download Vtcpupd.exe you
>
> http://support.microsoft.com/download/support/mslfiles/Vtcpupd.exe
>
> Thanks to Gonzo Granzeau <bygranzat_private> for pointing
> out the Windows 95 possible fix. Thanks to everyone else (to many to
> mention).
>
> Aleph One / aleph1at_private
> http://underground.org/
> KeyID 1024/948FD6B5
> Fingerprint EE C9 E8 AA CB AF 09 61  8C 39 EA 47 A8 6A B8 01



--
==========================================
Ian C. Reandeau
Ten Forward Communications
http://www.tenforward.com
==========================================
Duct tape is like the force - it has a light side, a dark side, and is the stuff
that holds the universe together.

Next message: Daniel O'Callaghan: "Re: ipfw workaround for syn-loop attack, FreeBSD 2.2.5-STABLE"
Previous message: Aleph One: ""LAND" Attack Update"
Maybe in reply to: Aleph One: ""LAND" Attack Update"
Next in thread: Aleph One: "Re: "LAND" Attack Update"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:32:19 PDT