Bugtraq mailing list archives

Possible DOS in WinNT RAS (PPTP)


From: simon () CONCEPTS CO NZ (Simon Helson)
Date: Tue, 27 Apr 1999 09:29:06 -0700


Please excuse if this has been posted before, I did a quick search of the
archives and found nothing.
This hasn't been sent to MS, as I don't know an email address to send it
to, Aleph, if you find it worthy of sending, please forward a copy to the
MS people for their attention. Cheers.

I was playing around with PPTP last night, and discovered that, with "very"
minimal effort, I could cause my friend's NT Server (version 4, service pack
4) to reboot instantly, without shutting down. All I did was telnet to the
port (1723) on the NT box, and then send the following data.

hhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh
hhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh
hhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh
hhhhhhhhhhhhhhhhhhhhhhhhhhhh (that's 256 'h's for those who don't want to
count:-)

and hit return. Nothing. BUT, then I hit ^D and all hell broke loose. The
NT server dropped like a stone, full hardware reboot.

I tested this multiple times and always got the same response.

The NT Server was version 4, with Service pack 4 applied.

Cheers

Simon


