Alert: Chargen Flooding fix now available

Aleph One (aleph1@DFW.NET)
Thu, 24 Jul 1997 02:27:24 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Who cares what the hell goes into a Gecos field anyway!: "Windows NT rantings from the L0pht"
Previous message: Matthew G. Harrigan: "Re: DoS against Oracle Webserver 2.1 with PL/SQL stored procedures"

---------- Forwarded message ----------
Date: Wed, 23 Jul 1997 17:09:50 -0400
From: Russ <Russ.Cooper@RC.ON.CA>
To: NTBUGTRAQ@RC.ON.CA
Subject: Alert: Chargen Flooding fix now available

Thanks to Marc Bejarano for bringing this to our attention.

Excerpt from KB Article Q154460:
A malicious attack may be mounted against Windows NT computers with the
Simple TCP/IP Services installed. The attack consists of a flood of UDP
datagrams sent to the subnet broadcast address with the destination port
set to 19 and a spoofed source IP address. The Windows NT computers
running Simple TCP/IP services respond to each broadcast, creating a
flood of UDP datagrams.

The fix, and the full KB article can be found at;

ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/hotfixe
s-postSP3/simptcp-fix

Cheers,
Russ
R.C. Consulting, Inc. - NT/Internet Security
owner of the NTBugTraq mailing list:
http://ntbugtraq.rc.on.ca/index.html

Next message: Who cares what the hell goes into a Gecos field anyway!: "Windows NT rantings from the L0pht"
Previous message: Matthew G. Harrigan: "Re: DoS against Oracle Webserver 2.1 with PL/SQL stored procedures"