[23469] in bugtraq


Re: UDP DoS attack in Win2k via IKE

daemon@ATHENA.MIT.EDU (Marcelo Bartsch)
Wed Dec 12 12:04:19 2001

From: Marcelo Bartsch <mbartsch@NETGLOBALIS.NET>
To: c0redump <c0redump@ackers.org.uk>
Cc: bugtraq@securityfocus.com
In-Reply-To: <001901c17f45$cb54fc60$0100a8c0@downstairs>
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature";
	boundary="=-BoVLZkzvR5SgyotfZ+BT"
Date: 12 Dec 2001 09:59:57 -0300
Message-Id: <1008161997.5352.0.camel@R2D2.NETGLOBALIS.CL>
Mime-Version: 1.0


On Fri, 2001-12-07 at 14:37, c0redump wrote:

Has anyone tested this against Windows XP Professional or Windows 2000
with PGPNet?
I tested Windows XP Professional using nc on a Linux machine, doing
cat /dev/zero |nc -u target 500
and
while : ; do cat /boot/vmlinuz ; done | nc -u target 500

Both result in 60 to 90% CPU usage, but the machine keeps responding. The
same test against a Windows 2000 Professional with PGPNet installed gave
the same result, 100% CPU usage.

Linux with IPSec support and IPSec enabled gave high CPU usage too, but
nothing that can render the machine unusable.





> UDP DoS in Win2k via IKE
>
> PROBLEM
> =======
> A DoS attack can be carried out on Win2k machines running IKE (internet key
> exchange) by flooding IKE with UDP packets.  This can cause the
> machine to lock up and render 99% of the CPU.
>
> EXPLOIT
> ======
> Connect to port 500 (IKE) of the Win2k box and start sending UDP packets of
> more than 800 bytes continuously.  The box will eventually stop responding
> and services will be denied due to 99% CPU usage from the packets.
>
> SOLUTION
> =======
> Firewall port 500 off if IPSec is not in use.
>
> c0redump@ackers.org.uk
> gridrun@spacebitch.com
> #hacktech @ undernet
-- 
   Marcelo Bartsch
mbartsch@netglobalis.net
#
# Failure is not an option. It comes bundled with your Microsoft product.
# -- Ferenc Mantfeld
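
Added example, not part of the original message or the quoted advisory: the test traffic described above (a stream of zero bytes, or arbitrary file contents, sent to UDP port 500) can be told apart from real IKE messages by a fixed-cost check of the 28-byte ISAKMP header, and rejects can be tallied per source for alerting. The function names, the IKEv1-only and non-zero initiator cookie policies, and the sample packets and addresses are assumptions of this example.

```python
import struct
from collections import Counter

# ISAKMP fixed header (RFC 2408): initiator cookie, responder cookie,
# next payload, version, exchange type, flags, message ID, total length.
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")   # 28 bytes
IKE_V1 = 0x10                               # major version 1, minor 0

def check_isakmp(datagram: bytes) -> str:
    """Return 'ok' or the reason a UDP/500 payload fails header sanity."""
    if len(datagram) < ISAKMP_HDR.size:
        return "short"
    icookie, _rcookie, _np, version, _xchg, _flags, _msgid, length = \
        ISAKMP_HDR.unpack_from(datagram)
    if icookie == b"\x00" * 8:              # assumed policy: initiator cookie set
        return "zero-initiator-cookie"
    if version != IKE_V1:                   # assumed policy: IKEv1 only
        return "bad-version"
    if length != len(datagram):             # header length must match datagram
        return "length-mismatch"
    return "ok"

def tally_rejects(packets):
    """Count rejected datagrams per (source address, reason)."""
    counts = Counter()
    for src, data in packets:
        reason = check_isakmp(data)
        if reason != "ok":
            counts[(src, reason)] += 1
    return counts

def sample_packets():
    """Constructed sample input; addresses are documentation-range placeholders."""
    body = b"\x00" * 20
    valid = ISAKMP_HDR.pack(b"\x11" * 8, b"\x00" * 8, 1, IKE_V1, 2, 0, 0,
                            ISAKMP_HDR.size + len(body)) + body
    zeros = b"\x00" * 900                       # what a zero-byte stream looks like
    junk = b"\x1f\x8b\x08\x00" + b"A" * 896     # arbitrary file bytes
    return [("192.0.2.10", valid), ("192.0.2.66", zeros), ("192.0.2.66", zeros),
            ("192.0.2.66", zeros), ("192.0.2.66", junk), ("192.0.2.10", b"\x01" * 10)]

if __name__ == "__main__":
    for key, n in sorted(tally_rejects(sample_packets()).items()):
        print(key, n)
```

The check only looks at the fixed header, so it is a pre-filter in front of the IKE daemon and does not validate the payloads that follow.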

