Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Old issue- MS NT PPTP/RAS DoS

from [SanjayR] Network Security [Permanent Link]
Subject: Old issue- MS NT PPTP/RAS DoS
Date: Tue, 11 Apr 2006 17:19:46 +0530 
Hi..

Sorry for posting a mail on a very old issue. but still, I shall appreciate, if somebody responds to this.

While analyzing some vulnerability, and doing some back tracing, I came to know about one issue of DoS on Microsoft NT RAS/PPTP. The issue is covered under BID 2111 and has CVE-1999-0140. the description says that if we telnet to MS NT box on port 1723 and send some junk data of length ~256 followed by ctrl-d, the NT box reboots. My doubt is, does this DoS occur due to sending data + ctrl-d ? ctrl-d is for EOT, therefore, it should not reach NT box as such. Only the FIN packet will go. I looked into the PPTP header. There is one field, called "magic cookie", whose value is fix as 0x1A2B3C4D. But when we send junk data, this value also gets changed (because we are not sending data in PPTP format). My question is: is this the cause of attack (i.e. changed value of cookie) or the earlier one, mentioned everywhere?

thanks in advance for everyone who will spare their time to reply this.

regards
-Sanjay

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Old issue- MS NT PPTP/RAS DoS, SanjayR <=
Previous by Date:  Re: IDS vs. IPS deployment feedback, Richard Bejtlich
Next by Date:  RE: IDS vs. IPS deployment feedback, Palmer, Paul (ISSAtlanta)
Previous by Thread:  Multi-processor solutions and performance, Surya Batchu
Next by Thread:  use of bloom filters in commercial iDS/IPS architectures, Raj Malhotra
Indexes:  [Date] [Thread] [Top] [All Lists]