Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] Old-School DoS Attack Can Penetrate XP SP2

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] Old-School DoS Attack Can Penetrate XP SP2
Date: Wed, 9 Mar 2005 06:03:19 -0600 (CST) 
Forwarded from: Kelley <securitylists@inkworkswell.com>

http://www.eweek.com/article2/0,1759,1773958,00.asp

By Ryan Naraine
March 8, 2005 

Microsoft Corp.'s newest operating systems can be penetrated by an
old-school-type denial-of-service attack, according to a warning from
a security researcher.

In a SecurityFocus advisory, researcher Dejan Levaja warned that
Windows Server 2003 and XP Service Pack 2 (with Windows Firewall
turned off) could lead to LAND attacks.

A LAND attack is a remote denial-of-service condition caused by
sending a packet to a machine with the source host/port the same as
the destination host/port. The LAND attack scenario was discussed in
1997 by Carnegie Mellon's CERT Coordination Center.

Using widely available reverse-engineering tools, Levaja found that a
single LAND packet sent to a file server could cause Windows Explorer
to freeze on all workstations connected to that server. "CPU on server
goes 100% [and] network monitor on the victim server sometimes can not
even sniff malicious packet," Levaja warned.

He said the script could be replayed endlessly to cause a total
collapse of the network.

A spokeswoman for Microsoft confirmed Levaja's findings but downplayed
the risk to customers.

"Our initial investigation has revealed that this reported
vulnerability cannot be used by an attacker to run malicious software
on a computer. At this point, our analysis indicates the impact of a
successful attack would be to cause the computer to perform sluggishly
for a short period of time,"  the spokeswoman said in a statement sent
to eWEEK.com.

She said customers running the Windows Firewall, enabled by default on
Windows XP SP2, are not impacted by this issue. Microsoft suggests
that customers adopt TCP/IP hardening practices to protect against
denial-of-service attacks.

In the absence of a patch from Microsoft, security research outfit
Secunia recommends that affected users filter traffic with the same IP
address as source and destination address.



http://www.inkworkswell.com

"Be a scribe! Your body will be sleek, your hand
will be soft. You are  one who sits grandly in your
house; your servants answer speedily; beer is poured
copiously; all who see you rejoice in good cheer.
Happy is  the heart of him who writes; he is young
each day."

                  --Ptahhotep, Vizier to Isesi,
                    Fifth Egyptian Dynasty, 2300 BC                  


_________________________________________
Bellua Cyber Security Asia 2005 -
http://www.bellua.com/bcs2005
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] Old-School DoS Attack Can Penetrate XP SP2, InfoSec News <=
Previous by Date:  [ISN] MIT says it won't admit hackers, InfoSec News
Next by Date:  [ISN] Public Disservice, InfoSec News
Previous by Thread:  [ISN] MIT says it won't admit hackers, InfoSec News
Next by Thread:  [ISN] Public Disservice, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]