UDP DoS attack in Win2k via IKE

From: c0redump (c0redumpat_private)
Date: Fri Dec 07 2001 - 09:37:07 PST

Next message: Joshua Merchant: "RE: Another IE denial of service attack"

Previous message: sh0: "Red Faction Server/Client DOS"
Next in thread: Darren Reed: "Re: UDP DoS attack in Win2k via IKE"
Reply: Darren Reed: "Re: UDP DoS attack in Win2k via IKE"
Reply: Marcelo Bartsch: "Re: UDP DoS attack in Win2k via IKE"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

UDP DoS in Win2k via IKE

PROBLEM
=======
A DoS attack can be carried out on Win2k machines running IKE (internet key
exchange) by sending flooding IKE with UDP packets.  This can cause the
machine to lock up and render 99% of the CPU.

EXPLOIT
======
Connect to port 500 (IKE) of the Win2k box and start sending UDP packets of
more than 800 bytes continuously.  The box will eventually stop responding
and services will be denied due to 99% CPU usage from the packets.

SOLUTION
=======
Firewall port 500 off if IPSsec is not in use.

c0redumpat_private
gridrunat_private
#hacktech @ undernet

Next message: Joshua Merchant: "RE: Another IE denial of service attack"
Previous message: sh0: "Red Faction Server/Client DOS"
Next in thread: Darren Reed: "Re: UDP DoS attack in Win2k via IKE"
Reply: Darren Reed: "Re: UDP DoS attack in Win2k via IKE"
Reply: Marcelo Bartsch: "Re: UDP DoS attack in Win2k via IKE"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Dec 07 2001 - 10:12:39 PST