[10991] in bugtraq
Re: IGMP fragmentation bug in Windows 98/2000
daemon@ATHENA.MIT.EDU (Steve)
Mon Jul 12 13:28:44 1999
Message-Id: <19990709060359.99333.qmail@securityfocus.com>
Date: Fri, 9 Jul 1999 06:03:59 -0000
Reply-To: Steve <jpeg@MAILEXCITE.COM>
From: Steve <jpeg@MAILEXCITE.COM>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.BSF.4.02A.9907031746290.22861-200000@leet.k-r4d.com>
Hello all,
I've compiled this and the other two exploits and tested
against two win98 (original not SE) machines and they
remained perfectly up and active. I then ran Conseal PC
Firewall ver. 1.35 on one machine and it didn't even pick up
any incoming packets.
No, I'm not behind any firewalls (besides the one I put up
myself to see if anything is even going on).
Has anyone actually been affected by this "DoS", or been able
to reproduce this bug on their system(s)?
--------------------------------------------------------
--Jpeg
http://www.sunynassau.edu/dptpages/physci
------------------------------------------
Windows 98's TCP/IP stack chokes on fragmented IGMP packets. There is an
exploit out there called "fawx" that supposedly exploits this problem, but I
haven't had any success crashing Windows with it. Recently I was given source
to a program that reliably crashed Win98/98SE/2000 build 2000 and challenged
my friend defile to see who could write a version of it utilizing handcrafted
igmp/ip headers for source spoofing support. Here is the resulting code that
works against most systems with one or two tries.
-----------code snipped-----------------------
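Editor's added example (not Steve's code, not "fawx", and not the program snipped above): a small C program that hand-builds the IPv4 header fields the quoted post refers to (identification, MF flag, fragment offset, protocol 2 = IGMP, an arbitrary source address) and then applies the check a host firewall such as the one Steve ran could have made, flagging any IGMP datagram that arrives as a fragment. The addresses, identification value and the 8-byte IGMP query payload are constructed for the example, nothing is put on the wire, and no claim is made here about which packet crashes which stack.

```c
/* Added example: craft IPv4 fragments carrying IGMP (protocol 2) and flag them.
 * Only the header layout and a filter check are shown; nothing is transmitted. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define IP_PROTO_IGMP 2
#define IP_MF         0x2000   /* "more fragments" flag */
#define IP_OFFMASK    0x1fff   /* fragment offset, in 8-byte units */
#define IP_HDR_LEN    20

/* RFC 791 one's-complement checksum over a byte range. */
static uint16_t ip_checksum(const uint8_t *data, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += (uint32_t)((data[i] << 8) | data[i + 1]);
    if (len & 1)
        sum += (uint32_t)data[len - 1] << 8;
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)(v & 0xff); }
static void put32(uint8_t *p, uint32_t v) { put16(p, (uint16_t)(v >> 16)); put16(p + 2, (uint16_t)(v & 0xffff)); }
static uint16_t get16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Write one IPv4 datagram (no options) with protocol IGMP into out.
 * frag_off is in 8-byte units; mf sets the MF flag. Returns bytes written, 0 on error. */
size_t build_igmp_fragment(uint8_t *out, size_t cap, uint32_t src, uint32_t dst,
                           uint16_t id, uint16_t frag_off, int mf,
                           const uint8_t *payload, size_t payload_len)
{
    size_t total = IP_HDR_LEN + payload_len;
    if (frag_off > IP_OFFMASK || total > 65535 || cap < total)
        return 0;
    memset(out, 0, IP_HDR_LEN);
    out[0] = 0x45;                       /* version 4, IHL = 5 words */
    put16(out + 2, (uint16_t)total);
    put16(out + 4, id);                  /* same id on every fragment of one datagram */
    put16(out + 6, (uint16_t)((mf ? IP_MF : 0) | frag_off));
    out[8] = 64;                         /* TTL */
    out[9] = IP_PROTO_IGMP;
    put32(out + 12, src);                /* caller-chosen: a raw socket sender can spoof this */
    put32(out + 16, dst);
    put16(out + 10, ip_checksum(out, IP_HDR_LEN));   /* computed with the field zeroed */
    memcpy(out + IP_HDR_LEN, payload, payload_len);
    return total;
}

/* Classify a raw IPv4 packet: 1 = IGMP fragment (MF set or offset != 0),
 * 0 = not an IGMP fragment, -1 = malformed header. IGMPv1/v2 messages are
 * 8 bytes and never need fragmenting, so a hit here is anomalous traffic. */
int is_fragmented_igmp(const uint8_t *pkt, size_t len)
{
    if (len < IP_HDR_LEN || (pkt[0] >> 4) != 4)
        return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    uint16_t total = get16(pkt + 2);
    if (ihl < IP_HDR_LEN || total < ihl || total > len)
        return -1;
    if (ip_checksum(pkt, ihl) != 0)      /* a valid header sums to zero */
        return -1;
    if (pkt[9] != IP_PROTO_IGMP)
        return 0;
    uint16_t flags_off = get16(pkt + 6);
    return ((flags_off & IP_MF) || (flags_off & IP_OFFMASK)) ? 1 : 0;
}

/* Constructed sample cases (not captured traffic); returns the classification. */
int check_sample(int which)
{
    uint8_t buf[64];
    /* IGMPv1 membership query, max-resp 100, IGMP checksum field left zero */
    const uint8_t igmp_query[8] = { 0x11, 0x64, 0x00, 0x00, 0, 0, 0, 0 };
    uint32_t src = 0x0a000001u, dst = 0xe0000001u;   /* 10.0.0.1 -> 224.0.0.1 */
    size_t n;
    switch (which) {
    case 0: n = build_igmp_fragment(buf, sizeof buf, src, dst, 0x1234, 0, 1, igmp_query, 8); break; /* first fragment, MF set */
    case 1: n = build_igmp_fragment(buf, sizeof buf, src, dst, 0x1234, 0, 0, igmp_query, 8); break; /* whole datagram */
    case 2: n = build_igmp_fragment(buf, sizeof buf, src, dst, 0x1234, 3, 0, igmp_query, 8); break; /* last fragment, offset 24 */
    case 3: n = build_igmp_fragment(buf, sizeof buf, src, dst, 0x1234, 0, 1, igmp_query, 8);
            buf[9] = 6; break;                                                                     /* edited after checksum: rejected */
    case 4: n = build_igmp_fragment(buf, sizeof buf, src, dst, 0x1234, 0, 1, igmp_query, 8);
            n = 10; break;                                                                         /* truncated on the wire */
    default: return -2;
    }
    return is_fragmented_igmp(buf, n);
}

int main(void)
{
    for (int i = 0; i < 5; i++)
        printf("sample %d -> %d\n", i, check_sample(i));
    return 0;
}
```

The check is deliberately blunt: a filter that wants to see fragmented IGMP at all has to look at the IP flags/offset word before trusting the protocol field, and must reassemble (or drop) rather than pass non-first fragments, which carry no IGMP header of their own.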