lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 20 Aug 2007 14:50:30 -0700
From: "Matthew Leeds" <>
Subject: Re[2]: Skype Network Remote DoS Exploit

I'd consider this uh, untrue. Didn't happen on the last patch Tuesday, nor the one before. What made this month special? Did those millions of Windows users who update all coordinate their activity? Not likely. 

As to other services that depends on running on consumers computers to provide services, there are not many on the scale of Skype that vampire bandwidth and CPU in the same way. Certainly none of the bit torrent networks crashed, but then I suspect that they are far more tolerant of user's computers coming and going, and far less dependent on their persistence.

*********** REPLY SEPARATOR  ***********

On 8/20/2007 at 1:39 PM Steven M. Christey wrote:

>The outage being experienced by Skype was apparently due to massive
>simultaneous reboots and reconnects after systems installed their
>Windows patches.
>   The disruption was triggered by a massive restart of our users'
>   computers across the globe within a very short timeframe as they
>   re-booted after receiving a routine set of patches through Windows
>   Update.
>   The high number of restarts affected Skype's network resources.
>   This caused a flood of log-in requests, which, combined with the
>   lack of peer-to-peer network resources, prompted a chain reaction
>   that had a critical impact.
>I wonder how many other services are impacted by simultaneous Windows
>scheduled updates.
>Anyway... given that this was going on at the time the
>exploit was released, and the exploit only claims a DoS (and only
>seems to make a series of requests to long URIs), was the exploit
>actually effective, or was the "DoS" just part of the larger outage?
>- Steve

Powered by blists - more mailing lists