[5673] in bugtraq
IP DOS attacks -- Win95 patches available
daemon@ATHENA.MIT.EDU (Paul Leach)
Fri Nov 21 18:10:57 1997
Date: Fri, 21 Nov 1997 12:52:23 -0800
Reply-To: Paul Leach <paulle@MICROSOFT.COM>
From: Paul Leach <paulle@MICROSOFT.COM>
X-To: "ntsecurity@iss.net" <ntsecurity@iss.net>,
"NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM"
<NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM>
To: BUGTRAQ@NETSPACE.ORG
There are patches available for the "land" attack for Windows 95. They
include fixes for all the previous IP DOS attacks we have seen, including
jolt, ssping, exploit, synk4, teardrop, winnuke (in conjunction with the
VTCPUPD patch).
There are two patches, one if you have Winsock 1.1, and one if you have
Winsock2. (If you have a file called ws2_32.dll in \windows\system, then
you've got Wisock2)
> For Winsock 1.1:
> http://support.microsoft.com/download/support/mslfiles/Vipup11.exe
>
> For Winsock 2:
> http://support.microsoft.com/download/support/mslfiles/Vipup20.exe
>
You also need to install the VTCPUPD patch:
http://support.microsoft.com/download/support/mslfiles/Vtcpupd.exe
Remember -- we can't test all configurations, etc., in this little time, so
don't apply to large numbers of machines blindly. I'd advise that you make a
backup copy of your current vip.386, vtcp.386 and vnbt.386 before applying
-- if things go badly, just put them back. (They're in \windows\system.)
Paul
