Skip navigation

Windows NT and Windows 9x Vulnerable to Naptha DoS Attack

Reported November 30, 2000 by BindView RAZOR

  • Microsoft Windows NT 4.0 SP 6a (and below)
  • Windows 9x
  • Netware 5 SP1
  • Compaq Tru64 UNIX
  • FreeBSD 4.0-REL
  • Linux 2.0 kernel based systems
  • HP-UX 11.00
  • Red Hat Linux 6.1
  • IRIX 6.5.7m
  • Slackware 4.0
  • Solaris 7
  • Solaris 8


A denial of service attack has been discovered that effects most operating systems.  By creating a large number of TCP connections and leaving them in certain states, individual applications or the operating system itself can be starved or resources to the point of failure.  This attack has been dubbed Naptha by BindView RAZOR and it effects all TCP ports.


Demonstration code has not been released but complete details on how Naptha works is available at the BindView RAZOR web site;

Or you can read the post to Win2K Security Advice here;


Microsoft has issued a security bulletin, MS00-091 and a patch that protects Netbios port 139 is available at;

Other vendors have been notified but information on patches has yet to be released.

Discovered by
BindView RAZOR

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.