Date: Tue, 17 May 2005 23:22:34 +0200
From: Konrad Malewski <koyot@...n.ondraszek.ds.polsl.gliwice.pl>
To: bugtraq@...urityfocus.com
Subject: Windows (XP, 2k3, Longhorn) is vulnerable to IpV6 Land attack.

Hi!

The land attack described in - 
http://www.securityfocus.com/archive/1/392354 - is fixed for IPv4 by 
the last security updates, but not for the IPv6 protocol. As in the IPv4 
version of the attack, the built-in firewall has to be turned off to 
experience the result (1-5 seconds of DoS condition).

Tools used:
The attached source (I used vs7.1 to compile it) uses the winpcap library - 
http://winpcap.polito.it/. This program attacks only IPv6 Link-Local 
addresses.

Results:
Sending one packet to an open IPv6 port causes Windows to freeze for about 
5 seconds (CPU usage goes to 100%).

Vulnerable operating systems:
I have tested this bug on Windows XP SP2 + security updates up to now 
(16 May 2005), Windows 2003 Server SP1 + updates, Windows Longhorn b5048 
(by the way, L. is still "Land.IPv4 compatible" :).

Solution:
Use the built-in Windows firewall to block open IPv6 ports (port 135 is open 
by default). Popular firewalls like ZoneAlarm, Sygate Personal Firewall 
and Agnitum Outpost Firewall do not filter IPv6, so the attack has the 
same effect.

Ethics
Microsoft has been notified. IPv6 is not widely used, so the threat is 
minimal (I hope).

Konrad Malewski
kmalewski at gmail.com

View attachment "LandIpV6.cpp" of type "text/plain" (6556 bytes)
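
Added example, not part of the original post or its attachment: a filter-side check that flags the Land condition (source address and port equal to destination address and port) in an IPv6/TCP packet, the kind of test a firewall or IDS that does inspect IPv6 would apply. The function name, return codes and sample packets are assumptions constructed for illustration; fragments are not reassembled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { LAND_NO = 0, LAND_YES = 1, LAND_MALFORMED = -1 };

/* Classify a packet that starts at the IPv6 header (hypothetical helper). */
int ipv6_land_check(const uint8_t *p, size_t len)
{
    if (len < 40 || (p[0] >> 4) != 6)
        return LAND_MALFORMED;
    uint8_t next = p[6];                 /* Next Header field */
    size_t off = 40;                     /* end of the fixed IPv6 header */
    /* Skip hop-by-hop (0), routing (43) and destination options (60). */
    while (next == 0 || next == 43 || next == 60) {
        if (off + 8 > len)
            return LAND_MALFORMED;
        next = p[off];
        off += ((size_t)p[off + 1] + 1) * 8;
    }
    if (next != 6)                       /* 6 = TCP; anything else is ignored */
        return LAND_NO;
    if (off + 4 > len)                   /* need both TCP port fields */
        return LAND_MALFORMED;
    int same_addr = memcmp(p + 8, p + 24, 16) == 0;       /* src vs dst */
    int same_port = memcmp(p + off, p + off + 2, 2) == 0; /* sport vs dport */
    return (same_addr && same_port) ? LAND_YES : LAND_NO;
}

/* Constructed samples: link-local fe80::1 / fe80::2, TCP port 135. */
static const uint8_t sample_land[44] = {          /* fe80::1:135 -> itself */
    [0] = 0x60, [5] = 4, [6] = 6, [7] = 64, [8] = 0xfe, [9] = 0x80, [23] = 1,
    [24] = 0xfe, [25] = 0x80, [39] = 1, [41] = 135, [43] = 135 };
static const uint8_t sample_normal[44] = {        /* fe80::2:49153 -> fe80::1:135 */
    [0] = 0x60, [5] = 4, [6] = 6, [7] = 64, [8] = 0xfe, [9] = 0x80, [23] = 2,
    [24] = 0xfe, [25] = 0x80, [39] = 1, [40] = 0xc0, [41] = 0x01, [43] = 135 };
static const uint8_t sample_land_dstopt[52] = {   /* same, behind a dest-options header */
    [0] = 0x60, [5] = 12, [6] = 60, [7] = 64, [8] = 0xfe, [9] = 0x80, [23] = 1,
    [24] = 0xfe, [25] = 0x80, [39] = 1, [40] = 6, [49] = 135, [51] = 135 };

int main(void)
{
    printf("land=%d normal=%d land_dstopt=%d\n",
           ipv6_land_check(sample_land, sizeof sample_land),
           ipv6_land_check(sample_normal, sizeof sample_normal),
           ipv6_land_check(sample_land_dstopt, sizeof sample_land_dstopt));
    return 0;
}
```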
