| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 5 Mar 2005 18:17:14 -0000 From: Dejan Levaja <dejan@...aja.com> To: bugtraq@...urityfocus.com Subject: Windows Server 2003 and XP SP2 LAND attack vulnerability Hello, everyone. Windows Server 2003 and XP SP2 (with Windows Firewall turned off) are vulnerable to LAND attack. LAND attack: Sending TCP packet with SYN flag set, source and destination IP address and source and destination port as of destination machine, results in 15-30 seconds DoS condition. Tools used: IP Sorcery for creating malicious packet, Ethereal for sniffing it and tcpreplay for replaying. Results: Sending single LAND packet to file server causes Windows explorer freezing on all workstations currently connected to the server. CPU on server goes 100%. Network monitor on the victim server sometimes can not even sniff malicious packet. Using tcpreplay to script this attack results in total collapse of the network. Vulnerable operating systems: Windows 2003 XP SP2 other OS not tested (I have other things to do currently – like checking firewalls on my networks ;) ) Solution: Use Windows Firewall on workstations, use some firewall capable of detecting LAND attacks in front of your servers. Ethic: Microsoft was informed 7 days ago (25.02.2005, GMT +1, local time), NO answer received, so I decided to share this info with security community. Dejan Levaja System Engineer Bulevar JNA 251 11000 Belgrade Serbia and Montenegro cell: +381.64.36.00.468 email: dejan@...aja.com
Powered by blists - more mailing lists