NT chargen flood DOS
| Description: | Systems with the Simple TCP/IP Services installed will respond to broadcast UDP datagrams sent to the subnet broadcast address. You could presumably use this to attack someone else (by using your target's source address in the broadcast) or take down the NT network by having the source be port 19 of the same broadcast address. |
| Author: | Unknown |
| Compromise: | stupid DOS attack |
| Vulnerable Systems: | Micro$oft NT with the Simple TCP/IP services installed. M$ has a post-SP3 fix available. |
| Date: | 23 July 1997 |
Date: Wed, 23 Jul 1997 17:09:50 -0400
From: Russ <Russ.Cooper@RC.ON.CA>
To: NTBUGTRAQ@RC.ON.CA
Subject: Alert: Chargen Flooding fix now available
Thanks to Marc Bejarano for bringing this to our attention.
Excerpt from KB Article Q154460:
A malicious attack may be mounted against Windows NT computers with the
Simple TCP/IP Services installed. The attack consists of a flood of UDP
datagrams sent to the subnet broadcast address with the destination port
set to 19 and a spoofed source IP address. The Windows NT computers
running Simple TCP/IP services respond to each broadcast, creating a
flood of UDP datagrams.
The fix, and the full KB article can be found at;
ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/hotfixe
s-postSP3/simptcp-fix
Cheers,
Russ
R.C. Consulting, Inc. - NT/Internet Security
owner of the NTBugTraq mailing list:
http://ntbugtraq.rc.on.ca/index.html
The master index of all exploits is available
here (Very large file)
Or you can pick your favorite operating system:
This page is part of Fyodor's exploit
world.
For a free program to automate scanning your network for vulnerable
hosts and services, check out my network mapping tool, nmap. Or try these Insecure.Org resources:
