ISA server DoS



5th Nov 2001 [SBWID-4841]
COMMAND

	ISA server DoS

SYSTEMS AFFECTED

	 Windows 2000 Server + Service Pack 2 

	 Microsoft ISA Server Enterprise Edition Full + All Fixes

	

PROBLEM

	Tamer Sahin (http://www.tamersahin.net) posted :
	

	A fragmented UDP attack through the Microsoft ISA Server hampers the
	system by using the CPU at 100%. Meanwhile, the server uses too much
	processor power and therefore the packet process ratio decreases.
	

	You may reach the session log through
	 

	http://www.tamersahin.net/downloads/isa.txt

	

	

	opentear.c by RootShell
	 

	http://www.tamersahin.net/downloads/opentear.c

	

	

SOLUTION

	 Update

	 ======

	

	Microsoft answers :
	

	ISA can be configured to drop fragmented packets and, if this is done,
	it significantly helps protect the system against flooding attacks like
	this. However, even so, it's not a cure-all. Even inspecting and dropping
	packets takes some finite amount of work, and once again if the
	attacker has sufficient bandwidth, he may be able to flood the server.
	Again, though, there isn't a flaw in ISA server -- it's
	strictly a flooding attack.
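
The per-packet test behind "drop fragmented packets", shown as an added example for monitoring (it is not part of the advisory and is not ISA Server code): it reads the IPv4 flags/offset field and tallies fragmented UDP per source. All function names are hypothetical, and the packets and addresses (RFC 5737 documentation ranges) are constructed sample data.

```python
import struct
from collections import Counter

IPPROTO_UDP = 17

def parse_ipv4(header):
    """Return (src, proto, is_fragment) for raw IPv4 header bytes, or None if malformed."""
    if len(header) < 20 or header[0] >> 4 != 4:
        return None
    if (header[0] & 0x0F) * 4 < 20:              # IHL below the 20-byte minimum
        return None
    flags_frag = struct.unpack("!H", header[6:8])[0]
    more_fragments = bool(flags_frag & 0x2000)   # MF flag
    offset = flags_frag & 0x1FFF                 # fragment offset, in 8-byte units
    src = ".".join(str(b) for b in header[12:16])
    # First and middle fragments carry MF=1; the last has MF=0 but offset > 0.
    return src, header[9], more_fragments or offset != 0

def fragmented_udp_sources(packets, threshold):
    """Count fragmented UDP packets per source; return sources at or above threshold."""
    counts = Counter()
    for pkt in packets:
        parsed = parse_ipv4(pkt)
        if parsed is None:
            continue
        src, proto, is_frag = parsed
        if proto == IPPROTO_UDP and is_frag:
            counts[src] += 1
    return {s: n for s, n in counts.items() if n >= threshold}

def build_header(src, proto, mf, offset):
    """Constructed sample: minimal 20-byte IPv4 header (checksum left at 0)."""
    flags_frag = (0x2000 if mf else 0) | offset
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 1, flags_frag, 64, proto, 0,
                       bytes(map(int, src.split("."))), bytes([192, 0, 2, 1]))

def constructed_sample():
    """Constructed traffic: one source sending fragments, one sending whole datagrams."""
    frag_src, other = "198.51.100.7", "203.0.113.9"
    pkts = [build_header(frag_src, IPPROTO_UDP, True, 0)]
    pkts += [build_header(frag_src, IPPROTO_UDP, True, 185 * i) for i in range(1, 4)]
    pkts.append(build_header(frag_src, IPPROTO_UDP, False, 185 * 4))
    pkts += [build_header(other, IPPROTO_UDP, False, 0)] * 3
    pkts.append(build_header(other, 6, True, 0))  # fragmented TCP: not counted
    return pkts

if __name__ == "__main__":
    print(fragmented_udp_sources(constructed_sample(), threshold=4))
```

Source addresses in a UDP flood can be spoofed, so the per-source tally is best read alongside the total fragment rate on the interface.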
	

	

