---------- Forwarded message ---------- Date: Thu, 08 Jan 1998 01:52:43 -0700 From: Jiva DeVoe <jivaat_private> To: ntsecurityat_private Subject: [NTSEC] New DOS exploit for NT and Win95 (CONFIRMED) This is just an FYI. I have confirmed and reproduced a new Denial of Service exploit for Windows NT and Windows95. Under Windows NT this exploit causes a proverbial BSOD, under Windows95, this causes an exception in IFSMGR.VXD. This exploit has been reported to Microsoft! Details Without putting out a blueprint of how to cause this. This is a modified teardrop attack. (NOTE: This DOES affect machines patched against teardrop) It utilizes UDP packets with altered headers. I have also provided Microsoft with source code to this exploit. Temporary Workaround Any workaround that would have been implemented against teardrop should work against this issue. By default, the UDP packets used in this exploit are aimed at very high port numbers. So perhaps by blocking UDP packets destined for high port numbers, you might be able to prevent this attack. However, since it can be aimed at any port, a clever user could get around filters such as this. I'd be happy to talk to anyone about other alternatives for working around this issue. Please feel free to repost this to NTBUGTRAQ (I'm not on that list) or wherever else you choose. ------------- Jiva DeVoe MCSE Devware Systems jivaat_private
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:38:21 PDT