Internet Security Systems

IGMP fragments

advICE : Intrusions : 2002902

Summary

Corrupted network traffic was sent to the system in an attempt to cause performance problems or crash the system.

Details

The Windows TCP/IP stack does not handle fragmented IGMP packets well. IGMP is a new protocol added to TCP/IP that allows the machine to participate in "multicast" networks, such as Internet radio. An exploit script called "fawx" will send these bad packets at a Windows machine in an attempt to cause the machine to crash. However, the exact behavior of the machine depends upon the system configuration, so some machines will not be affected.

Defense

The firewall subsystem will block the corrupted IGMP fragments, but allow normal IGMP traffic to pass through. Microsoft has also released a patch for the affected systems.
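
The filtering rule described above, as an added example (not code from ISS or Microsoft): it drops any IPv4 packet carrying IGMP (protocol 2) that is a fragment and passes unfragmented IGMP, reporting the IGMP data length. The names classify and ipv4, the verdict strings and the sample packets are constructed for illustration; the rule assumes legitimate IGMP messages are small enough never to need fragmentation.

```python
import struct

IPPROTO_IGMP = 2
MF_FLAG = 0x2000      # "more fragments" bit in the flags/fragment-offset field
OFFSET_MASK = 0x1FFF  # fragment offset, in 8-byte units

def classify(packet: bytes):
    """Return (verdict, igmp_data_length) for one raw IPv4 packet.

    verdict is 'pass', 'drop-igmp-fragment' or 'drop-malformed';
    the length is None unless the packet carries IGMP.
    """
    if len(packet) < 20:
        return ("drop-malformed", None)
    ver_ihl, _tos, total_len, _ident, flags_off, _ttl, proto = struct.unpack(
        "!BBHHHBB", packet[:10])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl or total_len > len(packet):
        return ("drop-malformed", None)
    if proto != IPPROTO_IGMP:
        return ("pass", None)  # other protocols are outside this rule
    length = total_len - ihl
    # A fragment is any packet with MF set or a non-zero offset.
    if flags_off & (MF_FLAG | OFFSET_MASK):
        return ("drop-igmp-fragment", length)
    return ("pass", length)

def ipv4(proto: int, payload: bytes, flags_off: int = 0) -> bytes:
    """Build a constructed IPv4 packet for testing (header checksum left at 0)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1,
                         flags_off, 1, proto, 0,
                         bytes([192, 0, 2, 1]), bytes([224, 0, 0, 1]))
    return header + payload

# Constructed 8-byte IGMPv2 general membership query.
QUERY = bytes([0x11, 0x64, 0xEE, 0x9B, 0, 0, 0, 0])

if __name__ == "__main__":
    samples = {
        "normal IGMP query": ipv4(IPPROTO_IGMP, QUERY),
        "IGMP, first fragment (MF set)": ipv4(IPPROTO_IGMP, QUERY, MF_FLAG),
        "IGMP, later fragment (offset 185)": ipv4(IPPROTO_IGMP, bytes(16), 185),
        "UDP fragment": ipv4(17, bytes(8), MF_FLAG),
        "truncated header": b"\x45\x00",
    }
    for name, pkt in samples.items():
        print(f"{name:36} -> {classify(pkt)}")
```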

Affected Systems

Win95, Win98, Win98 SE, WinNT through SP5, beta version Windows 2000 up through RC1.

Scripts

Some names of scripts that have been developed for this problem are: kod, kox, pimp, moyari13, misfrag, faux, fawx, and bengay.

more information

BugtraqID: 514   Microsoft Windows Invalid IGMP Header DoS Vulnerability
MS Bulletin: MS99-034   Patch Available for "Fragmented IGMP Packet" Vulnerability
q238329   Fragmented IGMP Packet May Promote "Denial of Service" Attack
CVE-1999-0918   Denial of service in various Windows systems via malformed, fragmented IGMP packets.

parametric information

length: Length of IGMP data.

Version appeared: 1.8.5.5 
