UDP DoS attack in Win2k via IKE (fwd)

[Steve Bellovin <smb@research.att.com>]

This just moved on bugtraq.  It seems relevant to what we're discussing.

------- Forwarded Message


Message-ID: <001901c17f45$cb54fc60$0100a8c0@downstairs>
From: "c0redump" <c0redump@ackers.org.uk>
To: <bugtraq@securityfocus.com>
Subject: UDP DoS attack in Win2k via IKE
Date: Fri, 7 Dec 2001 17:37:07 -0000
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Content-Type: text/plain;
	charset="Windows-1252"
X-UIDL: 6efe10f9299eedf02227cee0d07fabfa

UDP DoS in Win2k via IKE

PROBLEM
=======
A DoS attack can be carried out on Win2k machines running IKE (internet key
exchange) by sending flooding IKE with UDP packets.  This can cause the
machine to lock up and render 99% of the CPU.

EXPLOIT
======
Connect to port 500 (IKE) of the Win2k box and start sending UDP packets of
more than 800 bytes continuously.  The box will eventually stop responding
and services will be denied due to 99% CPU usage from the packets.

SOLUTION
=======
Firewall port 500 off if IPSsec is not in use.

c0redump@ackers.org.uk
gridrun@spacebitch.com
#hacktech @ undernet



------- End of Forwarded Message



		--Steve Bellovin, http://www.research.att.com/~smb
		Full text of "Firewalls" book now at http://www.wilyhacker.com

---

• Prev by Date: RE: discussion of SIGMA-IKE
• Next by Date: RE: Son-of-IKE Performance
• Prev by thread: test
• Next by thread: RE: UDP DoS attack in Win2k via IKE (fwd)
• Index(es):
  • Main
  • Thread