Re: Windows 95/NT DoS

Leonid S Knyshov (wiseleo@JUNO.COM)
Sat, 10 May 1997 13:34:55 -0700

On Fri, 9 May 1997 22:11:55 -0400 myst <myst@LIGHT-HOUSE.NET> writes:
>Hello,
>
> It is possible to remotely cause denial of service to any
>windows
>95/NT user. It is done by sending OOB [Out Of Band] data to an
>established connection you have with a windows user. NetBIOS [139]
>seems
>to be the most effective since this is a part of windows. Apparently
>windows doesn't know how to handle OOB, so it panics and crazy things
>happen. I have heard reports of everything from windows dropping
>carrier
>to the entire screen turning white. Windows also sometimes has
>trouble
>handling anything on a network at all after an attack like this. A
>reboot fixes whatever damage this causes. Code follows.
>
>
>_eci
[code deleted]

Eci: thanks for bringing this up, I've noticed such messages in my system
logs while I am on IRC now its not puzzling anymore.

I have a couple of questions though :)

First of all, did anyone check if this behavior continues after you
update your Dial-Up networking to MS-ISDN Accelerator pack?

>From what I've heard Trumpet Software's TCP/IP stack is not vulnerable
and so is Chameleon,could someone verify that?

Has anyone reported this to Microsoft yet? I see potential damage to
thousands of people who use IRC and windows clients for example.

That's all for now :)

***
Leonid Knyshov AKA Wise_One <wiseleo@juno.com>
http://kiassociates.com/computerhelp
http://kiassociates.com/computerhelp/personal
For file attachments please use wiseleo@hotmail.com and send a note about
it here :)