Re: (PM) Major problem....

info@sltic.com
Sat, 18 Jul 1998 13:52:00 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: MegaZone: "(PM) SECURITY PROBLEM. (fwd)"
Previous message: Chris Adams: "Re: (PM) Two weeks later, and still no working ComOS"
In reply to: clemdog@marshallnet.com: "Re: (PM) Major problem...."
Next in thread: Scott Rothgaber: "Re: (PM) Major problem...."

At 12:37 PM 7/18/98 -0500, clemdog@marshallnet.com wrote:
>
>
>> On Fri, Jul 17, 1998 at 09:55:26PM -0500, CAFENET wrote:
>> > We have 13 workstations running Windows 95. As of last night, one
>> > by one the workstations went to the blue Win95 error screen, and the
>> > error was "An exception OE has occurred at 0028:C1021956 in VXD
>> > MSTCP (01) + 0000414E. This was called from 0028:C00:C0045648 iin
>> > VXD NDIS (01) +. Press any key to continue, yadda yadda yadda."
>> > Today, the problem is still there.
>>
>
>Sounds like an issue that upgrading to Winsock 2 would resolve.
>But without knowing more details little hard to offer hints.
>-

This is definitely a DoS attack. It's the OOB (out-of-bounds) attack
using UDP on port 139 - speaking from experience on this one :(
As an immediate fix, block ports 137,138 and 139 on your router as the
first replier suggested. M$ does have a winsock update fix for this
but someone soon will find a new one. If you can, put all your workstations
behind the proxy. Also, if your proxy is a *nix box, try running tcpdump
and you'll see the packets that are hitting you.

Bruce
info@sltic.com

-
To unsubscribe, email 'majordomo@livingston.com' with
'unsubscribe portmaster-users' in the body of the message.
Searchable list archive: <URL:http://www.livingston.com/Tech/archive/>

Next message: MegaZone: "(PM) SECURITY PROBLEM. (fwd)"
Previous message: Chris Adams: "Re: (PM) Two weeks later, and still no working ComOS"
In reply to: clemdog@marshallnet.com: "Re: (PM) Major problem...."
Next in thread: Scott Rothgaber: "Re: (PM) Major problem...."