Re: Windows Server 2003 and XP SP2 LAND attack vulnerability
In-Reply-To: <20050307215532.GA24251@xxxxxxxxxxxxxxxxxxxx>
>All:
>
>I would like to hear from someone who can reproduce this. If you can, please
>send
>details with OS, patches installed, pcaps, etc. not a report of what tools you
>used
>to create the packet, sniff and replay the results. I've tested this and
>either my
>machines are magically protected from this attack, or it is invalid (despite
>what
>the press might say). I'd like some outside corroboration of this attack.
OK,
I run Microsoft Windows [Version 5.2.3790] aka Windows Server 2003.
All service packs have been installed. I went to Windows Update, and
nothing installed. Windows Firewall is off.
My linux box is a sarge installation of Debian, which is up to date.
Interesting ports on 192.168.0.100:
(The 1600 ports scanned but not shown below are in state: closed)
Port State Service
135/tcp open loc-srv
139/tcp open netbios-ssn
The code I used is from here:
http://www.k-otik.com/exploits/20050307.windos.c.php
eight@dipset-bitch:~/code$ sudo ./land-new 192.168.0.100 139
Packet sent. Remote machine should be down.
The original land.c code didn't want to compile on my linux box.. so I saw
this on a slashdot post, tested it, and it locks the machine up to 100% CPU for
about 8-10 secs, then goes back to normal.
I hope this helps.
--CC