[8233] in bugtraq
No subject found in mail header
daemon@ATHENA.MIT.EDU (Weed Whacker)
Wed Oct 21 13:04:35 1998
Date: Wed, 21 Oct 1998 12:00:36 -0400
Reply-To: Weed Whacker <whacker@PRONTOMAIL.COM>
From: Weed Whacker <whacker@PRONTOMAIL.COM>
To: BUGTRAQ@NETSPACE.ORG
About 10 days ago Novell was informed about their tcpip.nlm
being vulnerable to the old chargen and echo denial
of service attack. I tested and confirmed that Netware
4.11 and 5.0 running tcpip.nlm can be exploited, unless
the admin has implemented IP packet filters to prevent
servicing these ports (chargen and echo cannot be turned
off - IP packets must be filtered).
A description of the ancient exploit, along with the
code that I downloaded and used for the test, is here:
http://www.netcraft.com/presentations/interop/dos.html
A Netware admin can implement IP packet filters
(directions courtesy a first-rate netware admin):
load inetcfg
select protocols
select tcp/ip
enable filtering support
exit (and save, of course)
load filtcfg
select tcp/ip
select packet forwarding filters
enable it
press enter on filters
use insert to install each filter (chargen and echo, udp and tcp)
exit to the console prompt and type
"reinitialize system"
Later,
Weed Whacker
______________________________________________________________
Get Your Free E-mail and Homepage at http://www.prontomail.com
