Bugtraq mailing list archives
Re: Winsock 2.0 DoS
From: stevep () ee pdx edu (stevep () ee pdx edu)
Date: Thu, 12 Mar 1998 19:31:58 -0800
johnr () CSH RIT EDU said:
If a user has the newest winsock patch for winsock 2.0, which can be located at :
http://www.microsoft.com/windows95/info/ws2.htm
and attempts to do an address lookup on a address which doesn't exist and is 13 characters long winsock will fault. This has been reproduced on several computers and it takes a couple of seconds of looking up to occur. This happens with every winsock program I've tested including Netscape 3, Ie 3.0, and MS ping. Example sites that work are:
www.socois.cool www.pcorner.org blahd.yahoo.com
This apparently only works on names that are exactly 13 characters long (not including periods).
This seems to be related to the Client for Microsoft Networks. I verified the error on one of my boxes, then removed MS client. The machine did not crash. Reinstall MS Client, crashed.
From tcpdump:
19:29:28.940000 ishmael.1027 > joshua.domain: 1+ (33) 19:29:28.940000 joshua.domain > ishmael.1027: 1 NXDomain* 0/1/0 (110) 19:29:28.990000 ishmael.1028 > joshua.domain: 2+ (44) 19:29:28.990000 joshua.domain > ishmael.1028: 2 0/0/0 (44) 19:29:29.220000 ishmael.netbios-ns > 10.255.255.255.netbios-ns: udp 50 19:29:29.970000 ishmael.netbios-ns > 10.255.255.255.netbios-ns: udp 50 19:29:30.730000 ishmael.netbios-ns > 10.255.255.255.netbios-ns: udp 50 19:29:31.490000 ishmael.netbios-ns > joshua.domain: 14+ (34) 19:29:31.490000 joshua.domain > ishmael.netbios-ns: 14 FormErr 0/0/0 (12) 19:29:32.990000 ishmael.netbios-ns > joshua.domain: 14+ (45) 19:29:32.990000 joshua.domain > ishmael.netbios-ns: 14 FormErr 0/0/0 (12) -- ------------------------------------------------------------------- Steven H. Parker, CLE - Certified Linux Enthusiast http://www.ee.pdx.edu/~stevep "If Bill Gates had a dime for every time a Windows box crashed... ... Oh, wait a minute, he already does." -------------------------------------------------------------------
Current thread:
- Re: Midnight Commander /tmp race, (continued)
- Re: Midnight Commander /tmp race willy () SNOWYOWL CSU AC RU (Mar 17)
- Re: Midnight Commander /tmp race Pavel Kankovsky (Mar 18)
- Solaris printd security vulnerability Aleph One (Mar 11)
- Sun Security Bulletin #00165 Aleph One (Mar 11)
- Fwd: Sun Security Bulletin #00166 Tony Hagale (Mar 11)
- SLMail 2.6 DoS Steven (Mar 11)
- SLMail 2.6 DoS - Imail also Jon (Mar 11)
- Winsock 2.0 DoS John Robinson (Mar 11)
- Re: Winsock 2.0 DoS Henri Karrenbeld (Mar 12)
- more testing of Winsock 2.0 DoS Velocet (Mar 12)
- Re: Winsock 2.0 DoS stevep () ee pdx edu (Mar 12)
- InfoSecurity News jericho () DIMENSIONAL COM (Mar 13)
- Chase Bank joey.wheel (Mar 13)
- Win95 Winsock 2.0 DoS Russ (Mar 13)
- Problems with MDaemon 2.7.1 Development Team (Mar 12)
- FreeBSD Security Advisory: FreeBSD-SA-98:01.land Aleph One (Mar 12)
- FreeBSD Security Advisory: FreeBSD-SA-98:02.mmap Aleph One (Mar 12)
- SGI Security Advisory 19980301-01-PX - startmidi/stopmidi, SGI Security Coordinator (Mar 12)
- Winsock 2.0 DoS John Robinson (Mar 12)
- BackWeb Server v.3 (Eval) g3nR8 f00b4r (Mar 10)
- Administrivia Aleph One (Mar 10)