Preface: SMB malformedLogo -Internet Security Systems

SMB malformed
advICE :Intrusions : 2000501
 FAQ
Oh my gosh, I'm being HACKED!!!
How do I report the hacker to my ISP?
I'm seeing lots of attacks, is this normal?

Summary

Corrupted SMB logon sequence was seen which has been known to crash older Windows NT systems.

Details

There is a bug in older versions of SMB (Microsoft's system for sharing files and printers on a network). This bug can be triggered during the login sequence by sending specially malformed packets. When triggered, the machine will crash.

Affected systems

Windows NT 4.0 SP4
Windows 95 (all versions)

Note that patches are available for all systems that fix the problem.

Note that "File and Print Sharing" must be enabled for this exploit to work.

History

Wide-spread attacks within Universities and against government sites were seen during the spring of 1999.

 more information
q180963   Denial of Service Attack Causes Windows NT Systems to Restart
 
NAI Advisory: 025   Windows NT Logon Denial of Service
  
 
Version appeared: 1.8.5.5
Privacy Policy |  Copyright Info