Windows IP Fragment Reassembly

 
Windows IP Fragment Reassembly
Reported May 19 by
Bindview"s Razor Team

VERSIONS EFFECTED
  • Windows 95, 98, NT, and 2000 - all versions

DESCRIPTION

Sending large numbers of identical fragmented IP packets to a Windows 2000 or NT4 host may cause the target to stop responding for the duration of the attack due to 100% CPU utilization. According to Bindview, the DoS is caused by sending identical fragmented IP packets to a target at 150 packets per second, where the contents of the packet do not matter.

VENDOR RESPONSE

Microsoft has issued patches for the problem.

Windows NT 4.0 Workstation, Server and Server, Enterprise Edition:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=20829

Windows NT 4.0 Server, Terminal Server Edition:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=20830

Windows 2000 Professional, Server and Advanced Server:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=20827

Windows 95:
http://download.microsoft.com/download/win95/update/8070/w95/EN-US/259728USA5.EXE

Windows 98:
http://download.microsoft.com/download/win98/update/8070/w98/EN-US/259728USA8.EXE

Microsoft"s Knowledge Base article:
http://www.microsoft.com/technet/support/kb.asp?ID=Q259728

CREDITS
Discovered and reported by Bindview"s Razor Team

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish