Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1999_2

Bugtraq archives for 2nd quarter (Apr-Jun) 1999: Possible DOS in WinNT RAS (PPTP)

Possible DOS in WinNT RAS (PPTP)

Simon Helson (simonCONCEPTS.CO.NZ)
Tue, 27 Apr 1999 09:29:06 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Michael Howard: "New IIS Security Tool Available"
Previous message: Sean MacGuire: "FW: Security Notice: Big Brother 1.09b/c"
Next in thread: grantag: "Re: Possible DOS in WinNT RAS (PPTP)"

Please excuse if this has been posted before, I did a quick search of the
archives and found nothing
This hasn't been sent to MS, as I don't know an email address to send it
to, Aleph, if you find it worthy of sending, please forward a copy to the
MS people for their attention. Cheers.

I was playing around with PPTP last night, and discovered that, with "very"
minimal effort, I could cause my friends NT Server (version 4, service pack
4) to reboot instantly, without shutting down. All I did was telnet to the
port (1723) on the NT box, and then send the following data.

hhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh
hhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh
hhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh
hhhhhhhhhhhhhhhhhhhhhhhhhhhh (that's 256 'h's for those who don't want to
count :-)

and hit return. nothing. BUT, then I hit ^D and all hell broke loose. The
NT server dropped like a stone, full hardware reboot.

I tested this multiple times and always got the same response.

The NT Server was version 4, with Service pack 4 applied.

Cheers

Simon

Next message: Michael Howard: "New IIS Security Tool Available"
Previous message: Sean MacGuire: "FW: Security Notice: Big Brother 1.09b/c"
Next in thread: grantag: "Re: Possible DOS in WinNT RAS (PPTP)"