Message-ID: <428A609A.6020509@moon.ondraszek.ds.polsl.gliwice.pl>
Date: Tue, 17 May 2005 23:22:34 +0200
From: Konrad Malewski <koyot@...n.ondraszek.ds.polsl.gliwice.pl>
To: bugtraq@...urityfocus.com
Subject: Windows (XP, 2k3, Longhorn) is vulnerable to IpV6 Land attack.
Hi!

The land attack described in -
http://www.securityfocus.com/archive/1/392354 - is fixed for IPv4 by the
last security updates, but not for the IPv6 protocol. As in the IPv4
version of the attack, the built-in firewall has to be turned off to
experience the result (1-5 seconds of DoS condition).

Tools used:
The attached source (I used VS7.1 to compile it) uses the WinPcap
library - http://winpcap.polito.it/. This program attacks only IPv6
Link-Local addresses.

Results:
Sending one packet to an open IPv6 port causes Windows to freeze for
about 5 seconds (CPU usage goes to 100%).

Vulnerable operating systems:
I have tested this bug on Windows XP SP2 + security updates up to now
(16 May 2005), Windows 2003 Server SP1 + updates, Windows Longhorn b5048
(by the way L. is still "Land.IpV4 compatible" :).

Solution:
Use the built-in Windows firewall to block open IPv6 ports (port 135 is
open by default). Popular firewalls like ZoneAlarm, Sygate Personal
Firewall and Agnitum Outpost Firewall do not filter IPv6, so the attack
has the same effect.

Ethics:
Microsoft has been notified. IPv6 is not widely used, so the threat is
minimal (I hope).

Konrad Malewski
kmalewski at gmail.com
View attachment "LandIpV6.cpp" of type "text/plain" (6556 bytes)
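
An added example, not part of the original message or its attachment: a check that a packet filter or IDS rule could apply to flag the Land condition on IPv6. It takes the Land pattern to be a TCP segment whose source address and port equal its destination address and port. The function names, the link-local addresses and the sample packets are constructed for illustration.

```python
import ipaddress
import struct

EXT_HEADERS = {0, 43, 60}   # hop-by-hop, routing, destination options
FRAGMENT, TCP = 44, 6

def tcp_offset(pkt: bytes):
    """Walk the IPv6 extension-header chain; return the TCP header offset or None."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        return None
    nxt, off = pkt[6], 40
    while nxt in EXT_HEADERS or nxt == FRAGMENT:
        if off + 8 > len(pkt):
            return None                      # truncated chain
        if nxt == FRAGMENT:
            if struct.unpack_from("!H", pkt, off + 2)[0] >> 3:
                return None                  # non-first fragment: no TCP header here
            size = 8
        else:
            size = (pkt[off + 1] + 1) * 8    # Hdr Ext Len counts 8-byte units, minus one
        nxt, off = pkt[off], off + size
    return off if nxt == TCP and off + 4 <= len(pkt) else None

def is_land(pkt: bytes) -> bool:
    """True when source address and port equal destination address and port."""
    off = tcp_offset(pkt)
    if off is None:
        return False
    sport, dport = struct.unpack_from("!HH", pkt, off)
    return pkt[8:24] == pkt[24:40] and sport == dport

def sample(src, dst, sport, dport, ext=b""):
    """Constructed test input: IPv6 header, optional hop-by-hop header, TCP SYN header."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0)
    ip6 = struct.pack("!IHBB", 6 << 28, len(ext) + len(tcp), 0 if ext else TCP, 64)
    addrs = ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
    return ip6 + addrs + ext + tcp

HOP_BY_HOP = bytes([TCP, 0, 1, 4, 0, 0, 0, 0])   # next header TCP, one PadN option

if __name__ == "__main__":
    for label, pkt in [
        ("spoofed src == dst", sample("fe80::1", "fe80::1", 135, 135)),
        ("same, behind hop-by-hop", sample("fe80::1", "fe80::1", 135, 135, HOP_BY_HOP)),
        ("normal client SYN", sample("fe80::2", "fe80::1", 49152, 135)),
    ]:
        print(f"{label:26} land={is_land(pkt)}")
```

Walking the extension-header chain matters here: a filter that only inspects the Next Header field of the fixed IPv6 header would miss the same segment placed behind a hop-by-hop header.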