Bugtraq mailing list archives

Re: IGMP fragmentation bug in Windows 98/2000


From: jpeg () MAILEXCITE COM (Steve)
Date: Fri, 9 Jul 1999 06:03:59 -0000


Hello all,

I've compiled this and the other two exploits and tested
against two Win98 (original, not SE) machines and they
remained perfectly up and active. I then ran ConSeal PC
Firewall ver. 1.35 on one machine and it didn't even pick up
any incoming packets.

No, I'm not behind any firewalls (besides the one I put up
myself to see if anything is even going on).

Has anyone actually been affected by this "DoS", or been able
to reproduce this bug on their system(s)?

--------------------------------------------------------
--Jpeg
http://www.sunynassau.edu/dptpages/physci

------------------------------------------
Windows 98's TCP/IP stack chokes on fragmented IGMP packets.
There is an exploit out there called "fawx" that supposedly
exploits this problem, but I haven't had any success crashing
Windows with it. Recently I was given source to a program that
reliably crashed Win98/98SE/2000 build 2000 and challenged my
friend defile to see who could write a version of it utilizing
handcrafted IGMP/IP headers for source spoofing support. Here
is the resulting code that works against most systems with one
or two tries.

-----------code snipped-----------------------
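The point of contention in this thread is whether the fragmented IGMP traffic ever arrives, and Steve's personal firewall reported nothing at all. The following is an added example, not code from the thread, the "fawx" tool or the snipped program: a small Python classifier that parses the IPv4 header of a raw datagram and flags IGMP (protocol 2) datagrams carrying fragmentation state (MF set or a non-zero fragment offset), which is what a packet filter or capture-based check would need to surface this traffic. Legitimate IGMPv1/v2 messages are 8 bytes and never need fragmenting, so any IGMP fragment is anomalous. The function names, the `build_ipv4` test-fixture helper and the sample packets in `SAMPLES` are my own constructions; nothing here opens a socket or sends traffic.

```python
"""Flag fragmented IGMP datagrams in raw IPv4 packets (added example).

The sample packets below are constructed inline as test fixtures only;
nothing is sent on the wire.
"""
import struct

IPPROTO_IGMP = 2
IPPROTO_UDP = 17
MORE_FRAGMENTS = 0x2000      # MF bit in the flags/fragment-offset field
FRAG_OFFSET_MASK = 0x1FFF    # 13-bit fragment offset, in 8-byte units


def parse_ipv4_header(pkt: bytes) -> dict:
    """Decode the fixed 20-byte IPv4 header; raise ValueError on junk."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, ident, flags_frag, _ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (ver_ihl & 0x0F) * 4
    if ihl < 20 or ihl > len(pkt):
        raise ValueError("bad IHL")
    return {
        "ihl": ihl,
        "total_len": total_len,
        "id": ident,
        "more_fragments": bool(flags_frag & MORE_FRAGMENTS),
        "frag_offset": flags_frag & FRAG_OFFSET_MASK,
        "proto": proto,
        "src": ".".join(str(b) for b in src),
        "dst": ".".join(str(b) for b in dst),
    }


def is_fragmented_igmp(pkt: bytes) -> bool:
    """True if the datagram is an IGMP fragment (MF set or offset != 0).

    Non-first fragments still carry the protocol field in their own IP
    header, so every piece of a fragmented IGMP message is caught, not
    only the first one.
    """
    hdr = parse_ipv4_header(pkt)
    fragmented = hdr["more_fragments"] or hdr["frag_offset"] != 0
    return hdr["proto"] == IPPROTO_IGMP and fragmented


def build_ipv4(proto: int, flags_frag: int, payload: bytes,
               src=b"\x0a\x00\x00\x01", dst=b"\x0a\x00\x00\x02") -> bytes:
    """Test-fixture helper (constructed): minimal IPv4 datagram, checksum 0."""
    total_len = 20 + len(payload)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234,
                      flags_frag, 64, proto, 0, src, dst)
    return hdr + payload


# Constructed fixtures. An IGMPv2 membership report (type 0x16) is 8 bytes.
IGMP_REPORT = bytes([0x16, 0x00, 0x00, 0x00, 224, 0, 0, 1])

SAMPLES = {
    "normal_igmp": build_ipv4(IPPROTO_IGMP, 0, IGMP_REPORT),
    "igmp_first_frag": build_ipv4(IPPROTO_IGMP, MORE_FRAGMENTS, IGMP_REPORT),
    "igmp_last_frag": build_ipv4(IPPROTO_IGMP, 1, b"\x00" * 8),  # offset = 8 bytes
    "udp_frag": build_ipv4(IPPROTO_UDP, MORE_FRAGMENTS, b"\x00" * 16),
}


def classify(samples: dict) -> dict:
    """Map each sample name to whether the check would flag it."""
    return {name: is_fragmented_igmp(pkt) for name, pkt in samples.items()}


if __name__ == "__main__":
    for name, flagged in classify(SAMPLES).items():
        print(f"{name:16s} flagged={flagged}")
```

Feeding real captures through `is_fragmented_igmp` only requires stripping the link-layer header first; the check deliberately ignores the IGMP payload, since a non-first fragment has none to inspect.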