FLASH! TCP/IP Security Alert (fwd)
Karel Svejda
Svejda na ecb.cz
Pátek Listopad 15 04:35:11 CET 1996
JAK ZNICIT PINGEM OPERACNI SYSTEM
Karel Svejda
ECB Informacni systemy spol. s r.o.
Prazska 52/II
566 01 Vysoke Myto
CZECH Republic
tel. +42 468 23847-9
fax. +42 468 21151
e-mail: Svejda na ecb.cz
---------- Forwarded message ----------
Date: Thu, 14 Nov 1996 00:20:40 -0800
From: LANTUG Membership <membership na lantug.org>
Subject: FLASH! TCP/IP Security Alert
To all LANTUG members,
A large number of operating systems and network firmware may be
vulnerable to a newly discovered TCP/IP flaw called the "Ping of Death,"
which overloads and crashes a system by sending excessively large
packets.
In a nutshell, it is possible to crash, reboot or otherwise kill a large
number of systems by sending a ping of a certain size from a remote
machine. This is a serious problem, mainly because this can be
reproduced very easily, and from a remote machine, and because the
attacker needs to know nothing about the machine other than its IP
address. Over 18 major operating systems have been found vulnerable.
Please visit the following website for full details, including operating
systems (including NT 3.51 and possibly NT 4.0), firmware, hardware
(routers, printers, etc.) which are vulnerable, and available patches
and solutions:
http://www.sophist.demon.co.uk/ping/
Also, PCWEEK published, on Nov 12, 1996, a piece on this problem at
http://www.pcweek.com/news/1111/12mping.html, which means more people
will know how to do it and try it out.
-- End --
Další informace o konferenci Linux