Hosting Provided By

Kerberos DoS (Windows 2000)

From: Ian <dispacct(at)hotmail.com>
Date: Wed Aug 06 2003 - 14:38:45 EDT

G'day,

Anyone out there found an easy (script-kiddie) way to demonstrate this as a genuine vuln during a test? I've googled but can't find an exploit for this other than the text reading ...

----------------------=[Detailed Description]=------------------------

By creating a connection to the kerberos service and the disconnecting again, without reading from the socket, the LSA subsystem will leak memory. After about 4000 connections the kerberos service will stop accepting connections to tcp ports 88 (kerberos) and 464 (kpasswd) and all domain authentication will effectively have died (if the target was a domain controller).

It requires a reboot to recover from the attack.

---------------------------=[Workaround]=-----------------------------

Since everyone on the list should know by now my programming abilities stopped at 'hello world' any pointers would be gratefully accepted.

Yours

Ian

Received on Wed Aug 6 14:47:10 2003

This message: [ Message body ]
Next message: Joe Skaboika: "Nessus NASL + Canned Exploit database"
Previous message: De Doncker, Steve: "RE: best Win2K based compact Pen Test tool set.?"
In reply to: John Lampe: "Re: best Win2K based compact Pen Test tool set.?"
Next in thread: Thomas J Ackermann: "Re: Kerberos DoS (Windows 2000)"
Reply: Thomas J Ackermann: "Re: Kerberos DoS (Windows 2000)"
Reply: Ian: "Re: Kerberos DoS (Windows 2000)"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:40 EDT

Do you need help?