Multiple Vendor Fragmented IP Packets DoS Vulnerability

Transmitting identical fragmented IP packets to a Windows 9x, NT 4.0, NT Terminal Server, 2000 or Be/OS 5.0 host at a rate of approximately 150 packets per second will cause the target's CPU utilization to reach 100%. CPU utilization returns to normal after the attack has ceased. In some cases, this attack could produce a blue screen of death.

An analysis of the exploit was posted to BugTraq on May 26, 2000 by Mikael Olsson <mikael.olsson@enternet.se>. He concludes that the DoS initiated by this attack may not be related to IP fragmentation but rather to resource exhaustion and a problem in how Microsoft Windows filters bad packets.

See the referenced message by Mikael Olsson for a further interpretation of the mechanism of this attack.
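The traffic pattern described above (the same fragment repeated at roughly 150 packets per second) can be detected from packet metadata alone. The following is an added example, not part of the original advisory: the record layout, function names and sample traffic are assumptions constructed for illustration, and only the 150-per-second threshold comes from the text.

```python
from collections import defaultdict, deque

RATE_THRESHOLD = 150  # identical fragments per second, the rate quoted in the advisory
WINDOW = 1.0          # sliding window length in seconds

def is_fragment(pkt):
    """An IPv4 packet is a fragment if MF is set or the fragment offset is non-zero."""
    return pkt["mf"] or pkt["frag_offset"] > 0

def detect_identical_fragment_floods(packets, threshold=RATE_THRESHOLD, window=WINDOW):
    """Return {(src, dst): peak count} for flows repeating one fragment >= threshold per window.

    packets: records sorted by 'ts' with keys ts, src, dst, ip_id, frag_offset,
    mf, payload_len (hypothetical layout, e.g. exported from a capture tool).
    """
    recent = defaultdict(deque)  # fragment signature -> timestamps still in the window
    alerts = {}
    for pkt in packets:
        if not is_fragment(pkt):
            continue  # unfragmented traffic is out of scope for this check
        sig = (pkt["src"], pkt["dst"], pkt["ip_id"],
               pkt["frag_offset"], pkt["mf"], pkt["payload_len"])
        seen = recent[sig]
        seen.append(pkt["ts"])
        while pkt["ts"] - seen[0] >= window:  # expire timestamps older than the window
            seen.popleft()
        if len(seen) >= threshold:
            flow = (pkt["src"], pkt["dst"])
            alerts[flow] = max(alerts.get(flow, 0), len(seen))
    return alerts

def build_sample():
    """Constructed one-second sample using documentation address ranges."""
    pkts = []
    for i in range(200):
        ts = i / 200
        # Flow A: one fragment, byte-for-byte identical metadata, 200 times in a second.
        pkts.append(dict(ts=ts, src="192.0.2.10", dst="198.51.100.5",
                         ip_id=0x1234, frag_offset=185, mf=True, payload_len=8))
        # Flow B: ordinary fragmentation, 100 datagrams split into two fragments each.
        first = i % 2 == 0
        pkts.append(dict(ts=ts, src="192.0.2.20", dst="198.51.100.5", ip_id=i // 2,
                         frag_offset=0 if first else 185, mf=first, payload_len=1480))
        # Flow C: busy but unfragmented traffic.
        pkts.append(dict(ts=ts, src="192.0.2.30", dst="198.51.100.5",
                         ip_id=1000 + i, frag_offset=0, mf=False, payload_len=512))
    return pkts

if __name__ == "__main__":
    print(detect_identical_fragment_floods(build_sample()))
```

Keying on the full fragment signature rather than on fragment volume keeps legitimate fragmented traffic, such as Flow B, from raising alerts.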

Copyright 2010, SecurityFocus