Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > NTBugtraq> 1999-q4

NTBugtraq And NTSecurity Archives: Re: APC PowerChute Plus 5.1

Re: APC PowerChute Plus 5.1 NT (Denial of Service Attack).

Chris Tobkin (tobkinJAWS.UMN.EDU)
Wed, 24 Nov 1999 22:48:26 -0600

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Next message: Ussr Labs: "Remote DoS Attack in WorldClient Server v2.0.0.0 Vulnerability"
Previous message: Russ: "40-bit SP6a no different than SP6 on MS website?"

> 5.2 for NT 4.0 should ship around the end of December (before the W2K
> version).

Cute. Especially since their web site calls the single piece of beta
software: PowerChute plus v5.2 Beta 2 for Windows NT/2000 (Intel)

> If you could download the beta off our web site and beat
> the heck out of it & give it your best shot at crashing we'd appreciate
> it - we've had good luck in our development labs but it helps a lot to
> have people beating on it.
>
> Thanks and if you find any other issues please let me know,

I got basically the same response from them when I asked about this
2 weeks ago. According to their "programmers" a workaround is to
configure it as a standalone server, meaning you lose the ability to check
it across the network. (stop the UPS service; in Pwrchute.ini set
Tcp/Ip=No ; save ; restart the service) I've found this is a decent
interim workaround, but I don't know if I care to trust software that is
released so prematurely that it dies without any errors or alerts when you
connect to a port and simply hit enter a few times.

The version 5.2 Beta is available at:
http://www.apcc.com/tools/download/sw_kit.cfm?sku=sdw27
ftp://ftp.apcc.com/apc/public/software/windows/nt40/pcplus/52b/

I believe I'll be trying it on one of my less-mission-critical servers
this week.

Personally, I believe this could have been implemented better than opening
up some well-known and periodically scanned for ports. APC seems to think
otherwise - 5.2 will also open ports 6667 and 6668 according to their
developers.

References:
http://159.215.19.5/kbasewb2.nsf/For+External/23C51C09B273F59D80256759002D006C?OpenDocument

// chris
tobkinumn.edu

Motto of marketing: it's better to be first than to be best
Motto of users: it's better to be best than be first
Motto of windows products: it's better to fix it in "the next release"
than to spend money testing it yourself

*************************************************************************
Chris Tobkin tobkinumn.edu
Java and Web Services - Academic and Distributed Computing Services - UMN
Shep. Labs 190 Minneapolis, MN 55455
             ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
        "Nothing great was ever achieved without enthusiasm."
        - Ralph Waldo Emerson, poet, writer, and philosopher
*************************************************************************

Next message: Ussr Labs: "Remote DoS Attack in WorldClient Server v2.0.0.0 Vulnerability"
Previous message: Russ: "40-bit SP6a no different than SP6 on MS website?"

This archive was generated by hypermail 2.0b3 on Mon Nov 29 1999 - 12:12:38 CST