[4039] in WWW Security List Archive
RE: FW: NT4 bug? Or bug in my hardware?
daemon@ATHENA.MIT.EDU (Phillip M. Hallam-Baker)
Wed Jan 22 20:21:13 1997
From: "Phillip M. Hallam-Baker" <hallam@ai.mit.edu>
To: "'Tom Vandepoel'" <tom@netvision.be>,
"Jason T. Luttgens"
<luttgenj@kic.or.jp>
Cc: "www-security@ns2.rutgers.edu" <www-security@ns2.rutgers.edu>
Date: Wed, 22 Jan 1997 17:29:39 -0500
Errors-To: owner-www-security@ns2.rutgers.edu
Jason T. Luttgens wrote:
>
> Can anyone confirm this? On an NT4 server (maybe workstation too, I don't have it to try),
> if you telnet to port 135, type a bunch of junk (say 10-20 characters), hit enter and disconnect,
> the server's processor utilization will go up to 100%!!! The only fix I found was to reboot.
> I tried with and without SP2.....same result. The installation is 'out of the box' with standard
> default install options, of course including TCP/IP. I have no other NT4 servers to try this on
> and was wondering if I could get someone to try and confirm this .....
>
Yeh, it works. And it just keeps on going.
Another great reason to switch to linux...
Site system security officers can implement a partial protection
against this problem by implementing router level filtering.
The proper place to discuss system issues like this is in lists like
BUGTRAQ which are there for the purpose. The current state of knowledge
is that it appears to be a problem for all versions of NT and there is
not yet a fix.
Linux advocates should note that their system is not without sin. The
ping 'o death and crontab issues having recently come up.
Phill
