>> A hot-fix for a DOS attack on NT file servers that had not been previously
>> publically known has been posted. The following is the KB article on the
>> fix.
>> DOCUMENT: Q180963
>> TITLE :Denial of Service Attack Causes Windows NT Systems to Reboot
>> PRODUCT :Microsoft Windows NT
>> PROD/VER:4.00
>> OPER/SYS:WINDOWS
>> KEYWORDS:kbbug4.00 kbfix4.00 NTSrv ntstop
>Well it would seem some folks have found the problem (or something
>similar) before as Oliver Friedrichs from Secure Networks hinted at back
>in October on the NTBugTraq mailing list.
>http://listserv.ntbugtraq.com/SCRIPTS/WA-NTBT.EXE?A2=ind9710&L=ntbugtraq&m=
791&P=4201
>Maybe the secnet folks would like to discuss some of their findings.
As it turns out, ISS and Secure Networks get to share credit for this one.
We both found slightly different bugs, submitted repro code to MS, and they
fixed it. The credit at ISS goes to Jose Rodriguez - he's the one who
found it - I just gave him a target to aim at and coordinated with
Microsoft so that they could figure out just what we did.
We found one of the bugs fixed in this patch at ISS by accident working on
our own SMB code - blue screened our whole NT network one day. We weren't
sure exactly _what_ did it - had my laptop bouncing up and down all over
the place whilst Jose got his code straight.
Funny thing was that it would sometimes not BSOD the machine right away,
but would sit there just fine until you went to bring an app to the
foreground or something - then kerpow. Other times, it would torch you off
right away.
I'm really glad to see a hotfix come out _before_ there are machines
getting blasted all over the net. Also nice to see that we didn't have to
go public with it to get it fixed - which is actually our normal experience
with them - YMMV.
David LeBlanc |Why would you want to have your desktop user,
dleblanc@mindspring.com |your mere mortals, messing around with a 32-bit
|minicomputer-class computing environment?
|Scott McNealy