Re: WINS flooding
Sam Chan (chanDPG.RNB.COM)
Fri, 15 Aug 1997 09:57:41 -0400
Aleph One wrote:
>
> ---------- Forwarded message ----------
> Date: Fri, 1 Aug 1997 12:17:53 -0400
> From: Holas, Ondxej <OHolasEXCH.DIGI-TRADE.CZ>
> To: NTBUGTRAQRC.ON.CA
> Subject: WINS flooding
>
> When a flood of random (size and contents) UDP packets is sent to port
> 137/UDP to machine running WINS Server, this service stops after about 5
> seconds. I reproduced this on several machines running NTS 4.0 + WINS.
> Even if there were SP3 and all (12) recent postfixes, this service
> stops. The stop is regular, without Access Violation, manual restart is
> possible (probably, when attacked, WINS service reports its state to
> SCM). I never tried to reproduce this issue on NT 3.5x.
>
> I discovered there are many unprotected WINS servers in the Internet,
> which are vulnerable to such attacks (including one well-known software
> vendor).
>
> I reported this bug 06/27/1997, but now, I have neither reply from MS
> nor available fix.
>
> If there's somebody who wants to get sample source (in C, of course) of
> killing program, I can send it against E-mail.
>
> Ondrej Holas, MCSE
> DIGI TRADE, spol. s r.o.
> Czech Republic

* NUKING WINS

The following comes from WinNTMag UPDATE Vol. 2, Issue 32:

A problem with WINS was reported to Microsoft some months back. The
problem lets a WINS server abnormally terminate. Last week, a post
Service Pack 3 (SP3) hotfix was released that corrects this problem. The
problem is created when invalid UDP packets are directed to a WINS
server, causing it to silently terminate.

ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/hotfixes-postSP3/winsupd-fix

--
Samuel Chan
System Administrator
Derivative Products Group
chandpg.rnb.com
(212)525-8005
Republic National Bank
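
A detection example for the condition both posts describe (invalid UDP datagrams arriving on 137/UDP), added here and not taken from either post or from the hotfix: it checks each payload against the NetBIOS name service layout in RFC 1001/1002 and flags sources that repeatedly send malformed datagrams. The function names, the threshold, the record-count cap and the sample datagrams are assumptions constructed for illustration.

```python
import struct
from collections import Counter

HEADER = struct.Struct("!HHHHHH")      # id, flags, QD/AN/NS/AR record counts
# RFC 1002 opcodes, plus 9 (alternate refresh) and 15 (multi-homed registration)
VALID_OPCODES = {0, 5, 6, 7, 8, 9, 15}
MAX_RECORDS = 32                       # heuristic cap (assumption, not from the RFC)

def encode_name(name: str, suffix: int = 0x00) -> bytes:
    """RFC 1001 first-level encoding: 16 bytes become 32 chars in 'A'..'P'."""
    raw = name.upper().ljust(15).encode("ascii")[:15] + bytes([suffix])
    half = bytes(c for b in raw for c in (0x41 + (b >> 4), 0x41 + (b & 0x0F)))
    return b"\x20" + half + b"\x00"

def nbns_defect(payload: bytes):
    """Return None for a plausible name service message, else a reason string."""
    if len(payload) < HEADER.size:
        return "truncated header"
    _id, flags, qd, an, ns, ar = HEADER.unpack_from(payload)
    if (flags >> 11) & 0xF not in VALID_OPCODES:
        return "unknown opcode"
    if qd > 1 or not 1 <= qd + an + ns + ar <= MAX_RECORDS:
        return "implausible record counts"
    if qd == 1:
        name = payload[12:46]          # length byte, 32 encoded chars, next label
        if len(name) < 34 or name[0] != 0x20 or not all(0x41 <= b <= 0x50 for b in name[1:33]):
            return "bad encoded name"
        pos = 45
        while pos < len(payload) and payload[pos] != 0:   # skip scope labels
            if payload[pos] > 63:
                return "bad label"
            pos += 1 + payload[pos]
        tail = payload[pos + 1:pos + 5]                   # QTYPE, QCLASS
        if len(tail) < 4 or struct.unpack("!HH", tail) not in {(0x20, 1), (0x21, 1)}:
            return "bad question type/class"
    return None

def flag_sources(datagrams, threshold=3):
    """datagrams: (src_ip, udp_payload) pairs seen on 137/UDP in one time window."""
    bad = Counter(src for src, data in datagrams if nbns_defect(data))
    return {src for src, n in bad.items() if n >= threshold}

# Constructed sample input: one valid name query and several malformed payloads.
QUERY = HEADER.pack(0x1234, 0x0110, 1, 0, 0, 0) + encode_name("FILESRV", 0x20) + struct.pack("!HH", 0x20, 1)
SAMPLE = [("192.0.2.10", b"\xff" * 40), ("192.0.2.10", bytes(range(60))),
          ("192.0.2.10", b"\x00" * 5), ("192.0.2.20", QUERY),
          ("192.0.2.20", b"\xff" * 40)]
print(flag_sources(SAMPLE))
```

The check validates only the header and the first question, so it is a filter for obviously malformed traffic, not a full protocol parser.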