Re: Kerberos DoS (Windows 2000)

On reflection, I could have worded this a lot better but its like 100degrees over here at the moment and the basic act of spelling is proving a little tricky but that is no excuse.

Thank you those who replied off-list.

The reason for the original request was that I was doing some work internally and found that we had an externally facing port 88. When I apporached my manager and pointed out that this was subject to a DoS style attack he scurried off and found the securityfocus site which states that 'they are unaware of any exploit for this issue'.

Armed with this new found information he came back to me with a 'why bother' attitude and I wanted to demonstrate how simple these things are to code bearing in mind it is only a question of generating a substantial amount of connections to the port to DoS it.

Well, simple if you know how - which I don't. I can't program :( Which is why I asked here.

The beauty of this list is I now have NASL scripts, Unix scripts and an interesting new angle to explore. I've ported the unix script over to a DOS batch file and am testing it currently against a test machine. Without the resources of the list I wouldn't have learned half of what I know today (which is still half of not a lot!) and sometimes in my haste to learn more I end up effectively posting what looks suspiciously like a 'how to hack' type post.

As was pointed out to me off-list, I could have been easily flamed for posting such a poorly worded request and I guess I couldn't have blamed anyone for it, however no-one did for which I am grateful.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Again thanks for the off-list replies and apologies for the original post.

Ian

> > -----Original Message-----
> > From: Ian [mailto:dispacct@hotmail.com]
> > Sent: Wednesday, August 06, 2003 2:39 PM
> > To: pen-test@securityfocus.com
> > Subject: Kerberos DoS (Windows 2000)
> >
> >
> > G'day,
>