IP DOS attacks -- Win95 and WinNT

Paul Leach (paulle@MICROSOFT.COM)
Tue, 18 Nov 1997 14:48:02 -0800

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: SGI Security Coordinator: "Silicon Graphics Security Advisory 19971102-01-PX - Vulnerability in"
Previous message: Paul Leach: "Re: Windows 95 IP Fragmentation Bug Fix?"
Next in thread: Paul Leach: "Re: IP DOS attacks -- Win95 and WinNT"

I mentioned recently that for Windows NT the reported denial of service
attack (in code labelled "teardrop.c") was fixed last July.
We have verified that it was also fixed for Win95 -- here is the URL for the
KB article ( Q154174 ) that has links to get fixes for both platforms:
http://premium.microsoft.com/support/kb/articles/q154/1/74.asp

If you're going to apply that patch, I'd also recommend looking at KB
Q168747:
http://premium.microsoft.com/support/kb/articles/q168/7/47.asp
which has links to fixes for both platforms for an OOB attack.

(Despite the URL prefix, I'm told that these are freely available even if
you haven't paid for premium suuport. There's no way I can verify that for
sure, however. I was able to access them without any problem -- but what
does that prove? :-)

I'd suggest applying both to any Windows 95 or Windows NT machine attached
to an IP network from which such attacks might originate.

In the future when reporting IP attacks, it would be quite useful to mention
that they work even when these fixes are applied -- otherwise we'll reply
asking if they have been, and suggesting that they be applied if not.

I.e, if you've really found a new problem, it will reduce the time to fix it
if you tell us up front you're reporting an exploit that works even with the
latest fixes.

Next message: SGI Security Coordinator: "Silicon Graphics Security Advisory 19971102-01-PX - Vulnerability in"
Previous message: Paul Leach: "Re: Windows 95 IP Fragmentation Bug Fix?"
Next in thread: Paul Leach: "Re: IP DOS attacks -- Win95 and WinNT"