UDP DoS attack in Win2k via IKE

2001-12-08T00:00:00
ID SECURITYVULNS:DOC:2254
Type securityvulns
Reporter Securityvulns
Modified 2001-12-08T00:00:00

Description

UDP DoS in Win2k via IKE

PROBLEM

A DoS attack can be carried out on Win2k machines running IKE (internet key exchange) by sending flooding IKE with UDP packets. This can cause the machine to lock up and render 99% of the CPU.

EXPLOIT

Connect to port 500 (IKE) of the Win2k box and start sending UDP packets of more than 800 bytes continuously. The box will eventually stop responding and services will be denied due to 99% CPU usage from the packets.

SOLUTION

Firewall port 500 off if IPSsec is not in use.

c0redump@ackers.org.uk gridrun@spacebitch.com

hacktech @ undernet