Bugtraq mailing list archives

Re: UDP DoS attack in Win2k via IKE

From: "Emre Yildirim" <emre () asper org>
Date: Wed, 12 Dec 2001 16:31:56 -0600 (CST)

On Fri, 2001-12-07 at 14:37, c0redump wrote:

has anyone test this against Windows XP  Professional? or Windows 2000
both result on 60 to 90 % cpu usage, but machine keeps responding. same
test against a windows 2000 professional with PGPNet instaled gave the
same result, 100% CPU Usage.


XP Professional gets up to 80% on my machine, but keeps responding.

Linux with IPSec Support and ipsec enabled gave high cpu usage too. but
nothing with can render the machine unusable.


Same here, I tried the above with my NetBSD (KAME IPsec) box and the load
averages did go up, but the machine was still fully operational.  Also,
IPsec isnot enabled by default in Windows, so this should not really be a problem.
 Inmost VPN setups, a VPN host is usually behind some sort of packet filter and
only accepts connections to port 500 from clients that need to negotiate key
exchange.

Just my $0.02 on this.


-- 
Emre Yildirim <emre () asper org>
GPG KeyID 0xF9E4A1D1 (pgpkeys.mit.edu)

Current thread:

UDP DoS attack in Win2k via IKE c0redump (Dec 07)
- Re: UDP DoS attack in Win2k via IKE Darren Reed (Dec 08)
- Re: UDP DoS attack in Win2k via IKE Marcelo Bartsch (Dec 12)
  - Re: UDP DoS attack in Win2k via IKE Emre Yildirim (Dec 12)
- <Possible follow-ups>
- UDP DoS attack in Win2k via IKE c0redump (Dec 11)