Re: Top NT Lies

Sidney Becker (black@wookie.net)
Thu, 3 Jul 1997 16:28:53 -0600 (MDT)


my favorite flaw in M$ products was recently discovered (rediscovered, as
i learned when asking some folks who would know) by a friend of mine and
myself when we were trying to figure out a certain DoS bug.

seems M$ has a typically high-tech way of generating TCP sequence numbers
(current Unix systems use a randomization function to prevent sequence
number prediction which is fundamental to connection spoofing). they add
the size in bytes of the TCP payload to the previous sequence number.
that's all.

now, given the existing known flaws in netbios, it seems almost trivial to
spoof a connection to an NT server and masquerade as a backup server to
grab passwords or pretty much anything else.

left as an exercise for the reader.

b3n

On Thu, 3 Jul 1997, Sidney Becker wrote:

> ---black@wookie.net wrote:
> >
> > i love when they claim something is riddled with inaccuracies...then
> > riddle their own article with inaccuracies:
> >
> I roundly agree with your statements. The holes in NT are notorious
> and well documented. The Challenge/Response hole is something
> I had a good laugh over in recent days.
>
> While I think MS products are here to stay I also need to voice the
> concerns that should be no more than common sense issues. It seems
> the phrase "common sense is never as common as it should" fits aptly
> to MS as a whole.
>
> For a fun read go to the following url..
> http://www.genome.wi.mit.edu/WWW/faqs/wwwsf7.html#Q66
>
> ===
> S.Becker
> sbecker@sknknpckl.com
> plutarch@rocketmail.om
>
>
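As an added illustration of the contrast the post draws (this is not code from the original message), here is a small Python simulation of the two ISN schemes, plus the kind of crude audit check a defender can run over ISNs observed from their own hosts; the starting ISN, payload sizes, seed and the 2^16 spread threshold are constructed values.

```python
import random
import statistics

MASK32 = 0xFFFFFFFF


def nt_style_isns(first_isn, payload_lens):
    """ISNs under the scheme the post describes: each new ISN is the
    previous one plus the byte length of the last TCP payload."""
    isns = [first_isn & MASK32]
    for n in payload_lens:
        isns.append((isns[-1] + n) & MASK32)   # 32-bit wraparound
    return isns


def random_isns(count, seed=2024):
    """Stand-in for a randomised generator. Simulation only: a seeded PRNG
    so the run repeats; a real stack would draw from a CSPRNG."""
    rng = random.Random(seed)
    return [rng.getrandbits(32) for _ in range(count)]


def isn_deltas(isns):
    """Differences between consecutive ISNs, modulo 2^32."""
    return [(b - a) & MASK32 for a, b in zip(isns, isns[1:])]


def rate_isns(isns):
    """Crude audit: spread of the deltas between consecutive observed ISNs.
    A tiny spread means the next ISN is guessable, so the host should be
    treated as vulnerable to connection spoofing (threshold is constructed)."""
    spread = statistics.pstdev(isn_deltas(isns))
    return "trivial" if spread < 2**16 else "strong"


def fits_additive_model(isns, payload_lens):
    """True if every delta equals the payload size that preceded it, i.e.
    the observed ISNs match the prev + len(payload) scheme exactly."""
    return isn_deltas(isns) == [n & MASK32 for n in payload_lens]


if __name__ == "__main__":
    sizes = [512, 1460, 0, 40, 1460]            # constructed payload sizes
    weak = nt_style_isns(0x12345678, sizes)
    print(rate_isns(weak), rate_isns(random_isns(32)))
```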