[4433] in bugtraq
Re: Windows 95/NT DoS
daemon@ATHENA.MIT.EDU (Leonid S Knyshov)
Sat May 10 18:30:21 1997
Date: Sat, 10 May 1997 13:34:55 -0700
Reply-To: Leonid S Knyshov <wiseleo@JUNO.COM>
From: Leonid S Knyshov <wiseleo@JUNO.COM>
X-To: myst@LIGHT-HOUSE.NET
To: BUGTRAQ@NETSPACE.ORG
On Fri, 9 May 1997 22:11:55 -0400 myst <myst@LIGHT-HOUSE.NET> writes:
>Hello,
>
> It is possible to remotely cause denial of service to any
>windows
>95/NT user. It is done by sending OOB [Out Of Band] data to an
>established connection you have with a windows user. NetBIOS [139]
>seems
>to be the most effective since this is a part of windows. Apparently
>windows doesn't know how to handle OOB, so it panics and crazy things
>happen. I have heard reports of everything from windows dropping
>carrier
>to the entire screen turning white. Windows also sometimes has
>trouble
>handling anything on a network at all after an attack like this. A
>reboot fixes whatever damage this causes. Code follows.
>
>
>_eci
[code deleted]
Eci: thanks for bringing this up, I've noticed such messages in my system
logs while I am on IRC now its not puzzling anymore.
I have a couple of questions though :)
First of all, did anyone check if this behavior continues after you
update your Dial-Up networking to MS-ISDN Accelerator pack?
>From what I've heard Trumpet Software's TCP/IP stack is not vulnerable
and so is Chameleon,could someone verify that?
Has anyone reported this to Microsoft yet? I see potential damage to
thousands of people who use IRC and windows clients for example.
That's all for now :)
***
Leonid Knyshov AKA Wise_One <wiseleo@juno.com>
http://kiassociates.com/computerhelp
http://kiassociates.com/computerhelp/personal
For file attachments please use wiseleo@hotmail.com and send a note about
it here :)
