In-Reply-To: <BAY2-DAV66Cxy1tQKrV00020bd4at_private>

Yep, you can use Synk4 and configure it to attack ports 88 and 464. Works within seconds (low-level bandwidth attack). You can google for Synk4 or get it off our FIRE disk.

>
>G'day,
>
> Anyone out there found an easy (script-kiddie) way to demonstrate this
>as a genuine vuln during a test? I've googled but can't find an exploit for
>this other than the text reading ...
>
>----------------------=[Detailed Description]=------------------------
>By creating a connection to the kerberos service and then disconnecting
>again, without reading from the socket, the LSA subsystem will leak
>memory. After about 4000 connections the kerberos service will stop
>accepting connections to tcp ports 88 (kerberos) and 464 (kpasswd) and
>all domain authentication will effectively have died (if the target
>was a domain controller).
>
>
>It requires a reboot to recover from the attack.
>
>
>---------------------------=[Workaround]=-----------------------------
>
>
>
> Since everyone on the list should know by now my programming abilities
>stopped at 'hello world' any pointers would be gratefully accepted.
>
>Yours
>
>Ian
This archive was generated by hypermail 2b30 : Thu Aug 07 2003 - 11:37:07 PDT