Bugtraq mailing list archives
Re: Windows Server 2003 and XP SP2 LAND attack vulnerability
From: <caldcv () students fccj org>
Date: 9 Mar 2005 00:48:00 -0000
In-Reply-To: <20050307215532.GA24251 () logos microshaft org>
All: I would like to hear from someone who can reproduce this. If you can, please send details with OS, patches installed, pcaps, etc. not a report of what tools you used to create the packet, sniff and replay the results. I've tested this and either my machines are magically protected from this attack, or it is invalid (despite what the press might say). I'd like some outside corroboration of this attack.
OK, I run Microsoft Windows [Version 5.2.3790] aka Windows Server 2003. All service packs have been installed. I went to Windows Update, and nothing installed. Windows Firewall is off. My linux box is a sarge installation of Debian, which is up to date. Interesting ports on 192.168.0.100: (The 1600 ports scanned but not shown below are in state: closed) Port State Service 135/tcp open loc-srv 139/tcp open netbios-ssn The code I used is from here: http://www.k-otik.com/exploits/20050307.windos.c.php eight@dipset-bitch:~/code$ sudo ./land-new 192.168.0.100 139 Packet sent. Remote machine should be down. The original land.c code didn't want to compile on my linux box.. so I saw this on a slashdot post, tested it, and it locks the machine up to 100% CPU for about 8-10 secs, then goes back to normal. I hope this helps. --CC
Current thread:
- Windows Server 2003 and XP SP2 LAND attack vulnerability Dejan Levaja (Mar 05)
- <Possible follow-ups>
- Re: Windows Server 2003 and XP SP2 LAND attack vulnerability paul14075 (Mar 08)
- Re: Windows Server 2003 and XP SP2 LAND attack vulnerability Grndahl (Mar 08)
- Re: Windows Server 2003 and XP SP2 LAND attack vulnerability caldcv (Mar 08)
- RE: Windows Server 2003 and XP SP2 LAND attack vulnerability Detection Services - IS Security (Mar 10)
- RE: Windows Server 2003 and XP SP2 LAND attack vulnerability Miguel Angel Rodríguez Jódar (Mar 12)
- RE: Windows Server 2003 and XP SP2 LAND attack vulnerability Evans, Arian (Mar 10)
- RE: Windows Server 2003 and XP SP2 LAND attack vulnerability Daniel Cross (Mar 12)