RE: NT and Win95 users beware!

Phil Thomas ( phil@aci.net )
Sat, 10 May 1997 13:53:11 -0700

Just to let everyone know, I actually have tested this also, and it does
screw up just about any Microsoft based machine. I have called Microsoft
about this issue and they are working on a way to resolve this problem.
When and if I actually get some more details I will post it on this
list. If anyone would like a copy of the C++ source code and give it a
try for themselves, send me a personal email and I will mail you a copy.

Phil

>-----Original Message-----
>From: Josh Hillman [SMTP:hillman@talstar.com]
>Sent: Saturday, May 10, 1997 11:36 AM
>To: ntisp@emerald.iea.com
>Subject: NT and Win95 users beware!
>Importance: High
>
>Nasty little flaw in NT and 95:
>
>A friend of mine (who runs a unix-based ISP) forwarded this message (at the
>end) to me a little while ago. I gave him permission to test it using my
>home computer as a guinea pig (telling him what IP address I had assigned
>to me at the time) while running in Windows 95 as well as running in NT
>Server and both times, as soon as he ran the program from his unix machine,
>my computer instantly produced a "blue screen of death."
>
>Windows 95 (4.0.950a):
>BSOD stating that it might be possible to continue normally after hitting
>any key. After hitting any key, it returned to Win95's explorer shell, but
>all maximize, minimize, restore, scroll-arrow, start button were visually
>missing (video had gotten corrupted.) My dialup networking connection was
>still there, but I couldn't ping any IP addresses anymore.
>
>Windows NT Server 4.0 SP2 with the various hot-fixes:
>BSOD producing a memory dump, then automatically reboots the machine.
>After NT reboots, CPU usage fluctuates erratically and all memory is
>almost immediately consumed. After I rebooted the machine, everything went
>back to normal.
>Looking in the MEMORY.DMP file, it did NOT display the IP address where the
>"hack" originated from.
>
>The program used to "kill" the 95 and NT machines was a small C program
>compiled on a Unix system (in this particular case: "SunOS nexus 5.4
>Generic_101945-43 sun4m sparc") but works on other Unix systems as well.
>
>Unfortunately, this program was distributed this morning to all those that
>subscribe to "bugtraq@netspace.org".
>
>
>
>> ---------- Forwarded message ----------
>> Date: Fri, 9 May 1997 22:11:55 -0400
>> From: myst <myst@LIGHT-HOUSE.NET>
>> To: BUGTRAQ@NETSPACE.ORG
>> Subject: Windows 95/NT DoS
>>
>> Hello,
>>
>> It is possible to remotely cause denial of service to any windows
>> 95/NT user. It is done by sending OOB [Out Of Band] data to an
>> established connection you have with a windows user. NetBIOS [139] seems
>> to be the most effective since this is a part of windows. Apparently
>> windows doesn't know how to handle OOB, so it panics and crazy things
>> happen. I have heard reports of everything from windows dropping carrier
>> to the entire screen turning white. Windows also sometimes has trouble
>> handling anything on a network at all after an attack like this. A
>> reboot fixes whatever damage this causes.
>
>
>
> ----------------------------------------------------------
> NTISP Mailing List listserver@emerald.iea.com
>
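
Added example, not part of the thread above: a defender-side check for the traffic the forwarded advisory describes. TCP out-of-band data travels in a segment with the URG flag set, so this Python code parses raw IPv4/TCP packets and reports URG segments addressed to port 139. The sample packets, addresses and function names are constructed for illustration, and treating every URG segment to port 139 as suspect is an assumption of this example.

```python
import struct

NETBIOS_SSN = 139   # NetBIOS port named in the advisory
TCP_URG = 0x20      # URG bit in the TCP flags byte

def parse_tcp(packet: bytes):
    """Return (src, dst, dport, flags, urg_ptr) for an IPv4/TCP packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                       # too short or not IPv4
    ihl = (packet[0] & 0x0F) * 4          # IP header length in bytes
    if ihl < 20 or packet[9] != 6 or len(packet) < ihl + 20:
        return None                       # bad header, not TCP, or truncated
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return None                       # later fragment: carries no TCP header
    src = ".".join(map(str, packet[12:16]))
    dst = ".".join(map(str, packet[16:20]))
    dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    flags = packet[ihl + 13]
    urg_ptr = struct.unpack("!H", packet[ihl + 18:ihl + 20])[0]
    return src, dst, dport, flags, urg_ptr

def flag_oob_to_netbios(packets):
    """List (src, dst, urgent_pointer) for every URG segment sent to port 139."""
    alerts = []
    for pkt in packets:
        parsed = parse_tcp(pkt)
        if parsed is None:
            continue
        src, dst, dport, flags, urg_ptr = parsed
        if dport == NETBIOS_SSN and flags & TCP_URG:
            alerts.append((src, dst, urg_ptr))
    return alerts

def _build(src, dst, dport, flags, urg_ptr, payload=b""):
    """Constructed sample packet; checksums are zero because the parser ignores them."""
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 1, 1, 5 << 4,
                      flags, 8192, 0, urg_ptr) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(src), bytes(dst))
    return ip + tcp

# Constructed capture using documentation address ranges.
SAMPLE = [
    _build((192, 0, 2, 10), (198, 51, 100, 5), 139, 0x18, 0, b"\x81\x00\x00\x44"),  # PSH|ACK
    _build((192, 0, 2, 66), (198, 51, 100, 5), 139, 0x38, 3, b"xyz"),  # PSH|ACK|URG
    _build((192, 0, 2, 10), (198, 51, 100, 5), 80, 0x38, 1, b"x"),     # URG, other port
]

if __name__ == "__main__":
    for src, dst, ptr in flag_oob_to_netbios(SAMPLE):
        print(f"URG segment to {dst}:139 from {src} (urgent pointer {ptr})")
```

The same condition can be expressed as a packet-filter or IDS rule matching the URG flag on inbound port 139; the parser here only shows which header fields that rule inspects.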