[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: Re: Possible DOS in WinNT RAS (PPTP)
From: Aleph One <aleph1 () UNDERGROUND ! ORG>
Date: 1999-04-28 19:46:02
[Download RAW message or body]
Some more feedback from folks. It seems that there is indeed an issue
here but reproducing it is difficult.
Please if you are going to send a report on this issue please make sure
you include Service Pack level, whether you are using RAS or RRAS,
whether you are using 40-bit or 128-bit, whether the machine froze, BSOD,
or rebooted, and what network card you are using.
WORKED:
Paul M. Hirsch <pauldoom@webcreate.net>:
* NT 4.0, SP3, RAS, PPTP
* Proliant PPro 200
* Netelligent 10/100 ethernet
* Compaq Fibre array
Martin Rex <martin.rex@sap-ag.de>:
* NT 4.0, SP3, 40-bit, PPTP, RAS
* BSOD: STOP 0x0000000A in RASPPTPE.sys
Ronny Cook <ronny@tmx.com.au>:
* NT 4.0, SP4, RAS, PPTP
* RAS & PPTP installed after SP4
* The problem disappeared when SP4 was reinstalled as per
Microsoft's instructions.
Emmanuel Tychon <etychon@cisco.com>:
* NT 4.0, SP3
* Machine freezes (dead mouse)
Greg <gmo@sirius.com>:
* NT 4.0
Didn't work:
"Chad D. Lingmann" <chadl@PROVO.NETSchools.net>:
* RRAS
From Andrew Lewman <ALewman@Lifespan.org>:
RedHat 5.2 with all patches against:
NT Server 1 has RRAS, SP4, NT Enterprise, Option Pack 4, PPTP w/96 VPNs (23
active at the time), Compaq Netelligent 10/100 running at 100 Mbits Full
Duplex, with drivers from latest SSD
NT Server 2 has RAS, SP4, NT Enterprise, PPTP w/ 96 VPNs (45 active at the
time), 3Com 3C905b 10/100 running at 100 Mbits full duplex with latest
standard NT4 SP4 driver installed.
NT Server 3 has RRAS, SP4, NT Server, Option Pack 4, PPTP w/20 VPNs (none
active), Compaq Netflex-3 10/100 running at 100 Mbits full duplex with
drivers from latest SSD.
I tried 256 through 2,560 "h"'s in intervals of 100 h's, Ctrl-D for
each interval of h's. Nothing. Very temporary spike in process usage for
the processes associated with RAS, went away instantly.
Errata:
Russ actually said he was using RAS, not RRAS. Mea culpa.
--
Aleph One / aleph1@underground.org
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic