Reported November 30, 2000 by BindView RAZOR

VERSIONS AFFECTED
  • Microsoft Windows NT 4.0 SP 6a (and below)
  • Windows 9x
  • Netware 5 SP1
  • Compaq Tru64 UNIX
  • FreeBSD 4.0-REL
  • Linux 2.0 kernel based systems
  • HP-UX 11.00
  • Red Hat Linux 6.1
  • IRIX 6.5.7m
  • Slackware 4.0
  • Solaris 7
  • Solaris 8

DESCRIPTION

A denial of service attack has been discovered that effects most operating systems.  By creating a large number of TCP connections and leaving them in certain states, individual applications or the operating system itself can be starved or resources to the point of failure.  This attack has been dubbed Naptha by BindView RAZOR and it effects all TCP ports.

DEMONSTRATION

Demonstration code has not been released but complete details on how Naptha works is available at the BindView RAZOR web site;

http://razor.bindview.com/publish/advisories/adv_NAPTHA.html

Or you can read the post to Win2K Security Advice here;

http://www.windowsitsecurity.com/go/win2ks-l.asp?s=win2ksec

VENDOR RESPONSE

Microsoft has issued a security bulletin, MS00-091 and a patch that protects Netbios port 139 is available at;

http://www.microsoft.com/Downloads/Release.asp?releaseID=25114

Other vendors have been notified but information on patches has yet to be released.

CREDIT
Discovered by
BindView RAZOR