Re: IGMP fragmentation bug in Windows 98/2000

Steve (jpegMAILEXCITE.COM)
Fri, 9 Jul 1999 06:03:59 -0000

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: Christopher Schulte: "PR from MS about BO2K"
• Previous message: Stephen C Woods: "Re: Exploit of rpc.cmsd"
• Maybe in reply to: Bob Todd: "Exploit of rpc.cmsd"
• Next in thread: Ochani, Steve: "Re: IGMP fragmentation bug in Windows 98/2000"

Hello all,

I've compiled this and the other two exploits and tested
against two win98 (original not SE) machines and they
remained perfectly up and active. I then ran Conseal PC
Firewall ver. 1.35 on one machine and it didn't even pick up
any incoming packets.

No i'm not behind any firewalls (besides the one i put up
myself to see if anything is even going on).

Has anyone actually been afected by this "DoS", or been able
to reproduce this bug on thier system(s)?

--------------------------------------------------------
--Jpeg
http://www.sunynassau.edu/dptpages/physci

------------------------------------------
Windows 98's TCP/IP stack chokes on fragmented IGMP packets.
There is an
exploit out there called "fawx" that supposedly exploits
this problem,
but I haven't had any success crashing Windows with it.
Recently I was
given source to a program that reliably crashed
Win98/98SE/2000 build 2000
and challenged my friend defile to see who could write a
version of it
utilizing handcrafted igmp/ip headers for source spoofing
support. Here is
the resulting code that works against most systems with one
or two tries.

-----------code sniped-----------------------

• Next message: Christopher Schulte: "PR from MS about BO2K"
• Previous message: Stephen C Woods: "Re: Exploit of rpc.cmsd"
• Maybe in reply to: Bob Todd: "Exploit of rpc.cmsd"
• Next in thread: Ochani, Steve: "Re: IGMP fragmentation bug in Windows 98/2000"

This archive was generated by hypermail 2.0b3 on Sun Jul 11 1999 - 19:36:16 CDT