Re: WINS flooding

David Montgomery (davidrmo@NWU.EDU)
Sun, 17 Aug 1997 12:30:14 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Brian Hampson: "Re: in.fingerd vulnerability"
Previous message: hOtCodE: "[Fwd: BoS: Buffer overflow in /bin/bash]"
Maybe in reply to: Aleph One: "WINS flooding"

If I'm not mistaken, MS has yet to release a hotfix for this problem on NT
3.51 - the hotfix they released is only for NT 4.0.

Has anyone reproduced this on 3.51, and if so, does this mean MS no longer
supports 3.51?

drm

At 09:57 AM 8/15/97 -0400, Sam Chan wrote:
>Aleph One wrote:
>>
>> ---------- Forwarded message ----------
>> Date: Fri, 1 Aug 1997 12:17:53 -0400
>> From: Holas, Ondxej <OHolas@EXCH.DIGI-TRADE.CZ>
>> To: NTBUGTRAQ@RC.ON.CA
>> Subject: WINS flooding
>>
>> When a flood of random (size and contents) UDP packets is sent to port
>> 137/UDP to machine running WINS Server, this service stops after about 5
>> seconds. I reproduced this on several machines running NTS 4.0 + WINS.
>> Even if there were SP3 and all (12) recent postfixes, this service
>> stops. The stop is regular, without Access Violation, manual restart is
>> possible (probably, when attacked, WINS service reports its state to
>> SCM). I never tried to reproduce this issue on NT 3.5x.
>>
>> I discovered there are many unprotected WINS servers in the Internet,
>> which are vulnerable to such attacks (including one well-known software
>> vendor).
>>
>> I reported this bug 06/27/1997, but now, I have neither reply from MS
>> nor available fix.
>>
>> If there's somebody who wants to get sample source (in C, of course) of
>> killing program, I can send it against E-mail.
>>
>> Ondrej Holas, MCSE
>> DIGI TRADE, spol. s r.o.
>> Czech Republic
>* NUKING WINS
>
>the follow comes from WinNTMag UPDATE Vol. 2, Issue 32:
>
>A problem with WINS was reported to Microsoft some months back. The
>problem
>lets a WINS server abnormally terminate. Last week, a post Service Pack
>3
>(SP3) hotfix was released that corrects this problem. The problem is
>created when invalid UDP packets are directed to a WINS server, causing
>it
>to silently terminate.
>
>ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/hotfixes-po
>
>stSP3/winsupd-fix
>
>
>--
>Samuel Chan System Administrator
>Derivative Products Group chan@dpg.rnb.com
>(212)525-8005 Republic National Bank
>
________________________________________________________________
David Montgomery Kellogg Information systems
SysAdmin Kellogg Graduate School of Management
davidrmo@nwu.edu Northwestern, University
(847)467-3793 Evanston, IL

For my public key finger davidrmo@casbah.acns.nwu.edu
PGP Fingerprint: 95 49 67 3F 71 D3 4D BE 47 0F 1A 03 BF D3 E0 DA

Next message: Brian Hampson: "Re: in.fingerd vulnerability"
Previous message: hOtCodE: "[Fwd: BoS: Buffer overflow in /bin/bash]"
Maybe in reply to: Aleph One: "WINS flooding"