RE: Skype Network Remote DoS Exploit

["Marc Maiffret" <mmaiffret () eeye com>]

Apologies if someone already posted the obvious question but:

How come this Patch Tuesday was different for Skype? 

Why didn't the last Patch Tuesday, which had the same rebooting
requirements as any other Patch Tuesday, cause the same problem with
Skype? What was different about this Patch Tuesday? Anyone seen Skype
give an explanation of that yet, as I'm assuming someone already asked
that question, hopefully.

-Marc

> -----Original Message-----
> From: Steven M. Christey [mailto:coley () mitre org] 
> Sent: Monday, August 20, 2007 10:39 AM
> To: tecklord () argocom cv ua; bugtraq () securityfocus com
> Subject: Re: Skype Network Remote DoS Exploit
>
>
> The outage being experienced by Skype was apparently due to 
> massive simultaneous reboots and reconnects after systems 
> installed their Windows patches.
>
> from 
> http://heartbeat.skype.com/2007/08/what_happened_on_august_16.html:
>
>    The disruption was triggered by a massive restart of our users'
>    computers across the globe within a very short timeframe as they
>    re-booted after receiving a routine set of patches through Windows
>    Update.
>
>    The high number of restarts affected Skype's network resources.
>    This caused a flood of log-in requests, which, combined with the
>    lack of peer-to-peer network resources, prompted a chain reaction
>    that had a critical impact.
>
> I wonder how many other services are impacted by simultaneous 
> Windows scheduled updates.
>
> Anyway... given that this was going on at the time the 
> SecurityLab.ru exploit was released, and the exploit only 
> claims a DoS (and only seems to make a series of requests to 
> long URIs), was the exploit actually effective, or was the 
> "DoS" just part of the larger outage?
>
> - Steve