List:       bugtraq
Subject:    Re: Possible DOS in WinNT RAS (PPTP)
From:       Aleph One <aleph1 () UNDERGROUND ! ORG>
Date:       1999-04-28 19:46:02

Some more feedback from folks. It seems that there is indeed an issue
here but reproducing it is difficult.

If you are going to send a report on this issue, please make sure
you include Service Pack level, whether you are using RAS or RRAS,
whether you are using 40-bit or 128-bit, whether the machine froze, BSOD,
or rebooted, and what network card you are using.

WORKED:

Paul M. Hirsch <pauldoom@webcreate.net>:

* NT 4.0, SP3, RAS, PPTP
* Proliant PPro 200
* Netelligent 10/100 ethernet
* Compaq Fibre array

Martin Rex <martin.rex@sap-ag.de>:

* NT 4.0, SP3, 40-bit, PPTP, RAS
* BSOD:  STOP 0x0000000A in RASPPTPE.sys

Ronny Cook <ronny@tmx.com.au>:

* NT 4.0, SP4, RAS, PPTP
* RAS & PPTP installed after SP4
* The problem disappeared when SP4 was reinstalled as per
  Microsoft's instructions.

Emmanuel Tychon <etychon@cisco.com>:

* NT 4.0, SP3
* Machine freezes (dead mouse)

Greg <gmo@sirius.com>:

* NT 4.0


Didn't work:

"Chad D. Lingmann" <chadl@PROVO.NETSchools.net>:

* RRAS

From Andrew Lewman <ALewman@Lifespan.org>:

RedHat 5.2 with all patches against:

NT Server 1  has RRAS, SP4, NT Enterprise, Option Pack 4, PPTP w/96 VPNs (23
active at the time), Compaq Netelligent 10/100 running at 100 Mbits Full
Duplex, with drivers from latest SSD

NT Server 2 has RAS, SP4, NT Enterprise, PPTP w/ 96 VPNs (45 active at the
time), 3Com 3C905b 10/100 running at 100 Mbits full duplex with latest
standard NT4 SP4 driver installed.

NT Server 3 has RRAS, SP4, NT Server, Option Pack 4, PPTP w/20 VPNs (none
active), Compaq Netflex-3 10/100 running at 100 Mbits full duplex with
drivers from latest SSD.

I tried 256 through 2,560 "h"'s in intervals of 100 h's, Ctrl-D for
each interval of h's.  Nothing.  Very temporary spike in process usage for
the processes associated with RAS, went away instantly.

Errata:

Russ actually said he was using RAS, not RRAS. Mea culpa.


--
Aleph One / aleph1@underground.org
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61  8C 39 EA 47 A8 6A B8 01
