Windows 2003 and XP SP2 Vulnerable To LAND Attack

Posted by Hemos
from the one-if-by-sea-two-if-by-LAND dept.
An anonymous reader writes "Dejan Levaja, a Serbian security engineer has discovered that nearly 8 years after the attack was first made public, Windows 2003 and Windows XP SP2 are in fact vulnerable to the historic LAND attack." Granted, you need to have the firewall turned off for this work, but there's a whole lotta machines that don't have it turned on.

  • Only win ? (Score:4, Interesting)

    by mirko (198274) on Monday March 07, 2005 @11:16AM (#11865879) Journal
    Are only Windows platforms vulnerable, or will these attacks be successful on other non-MS platforms?
    • Re:Only win ? (Score:5, Informative)

      by redJag (662818) on Monday March 07, 2005 @11:22AM (#11865952)
      There is a big list before the provided source code [hoobie.net].
      • MOD PARENT UP ! (Score:4, Informative)

        by mirko (198274) on Monday March 07, 2005 @11:40AM (#11866205) Journal
        BSDI 2.1 (vanilla) IS vulnerable
        BSDI 2.1 (K210-021,K210-022,K210-024) NOT vulnerable
        BSDI 3.0 NOT vulnerable
        Digital UNIX 4.0 NOT vulnerable
        FreeBSD 2.2.2-RELEASE IS vulnerable
        FreeBSD 2.2.5-RELEASE IS vulnerable
        FreeBSD 2.2.5-STABLE IS vulnerable
        FreeBSD 3.0-CURRENT IS vulnerable
        HP-UX 10.20 IS vulnerable
        IRIX 6.2 NOT vulnerable
        Linux 2.0.30 NOT vulnerable
        Linux 2.0.32 NOT vulnerable
        MacOS 8.0 IS vulnerable (TCP/IP stack crashed)
        NetBSD 1.2 IS vulnerable
        NeXTSTEP 3.0 IS vulnerable
        NeXTSTEP 3.1 IS vulnerable
        Novell 4.11 NOT vulnerable
        OpenBSD 2.1 IS vulnerable
        OpenBSD 2.2 (Oct31) NOT vulnerable
        SCO OpenServer 5.0.4 NOT vulnerable
        Solaris 2.5.1 IS vulnerable (conflicting reports)
        SunOS 4.1.4 IS vulnerable
        Windows 95 (vanilla) IS vulnerable
        Windows 95 + Winsock 2 + VIPUPD.EXE IS vulnerable
        • Mod parent down (Score:5, Insightful)

          by Ulric (531205) on Monday March 07, 2005 @11:54AM (#11866397) Homepage
          That's a list of operating systems from 1997, taken out of an exploit from 1997. Linux 2.0.30? Novell 4.11? Solaris 2.5.1?
          • by hot_Karls_bad_cavern (759797) on Monday March 07, 2005 @12:54PM (#11867187) Journal
            Believe it or not, some folks still use Solaris 2.5 and 2.6 versions. I used to work at a university whose physics department was fortunate enough to have two electron scanning microscopes, one old and huge and one new, smaller one. The old one had controlling software that was custom, to say the least, and written by a German firm that's been out of business for a few years now.

            Guess what OS the software ran on? And what hardware connections were custom to the old Sparc-based controller that ran the thing? Wohoo! Old Solaris was the only way it'd still 'go'.

            Well, sneaker-net wasn't going to work for the grads that were abroad and well, the profs wanted network access, so they were going to get it. Short of the long, we had to build, tweak and mess with all kinds of junk (tcpwrappers, ssh, ssl) before it went back on the network (yes, that donkey had been hacked before). So yes, there's lots of old Solaris still out there.

            And before anyone asks, yes I finally quit that job due to *not* being able to secure things like this. Authenticating gateways, openvpn, pf on Solaris (boss would *never* let me put that on all the machines we cared for ... unbelievable really), moving *away* from Sendmail, installing Solaris machines with everything locked down, etc, etc. Drove me fucking mad.
      • by swillden (191260) * <shawn-ds@willden.org> on Monday March 07, 2005 @11:58AM (#11866446) Homepage Journal

        Since that site appears to be slashdotted, google turned up another one. [clifford.at].

        Might as well take down both of them, right?

  • by beatdown (788583) * on Monday March 07, 2005 @11:16AM (#11865882)
    It is also subject to sea and air attacks.
  • wow (Score:5, Funny)

    by Quasar1999 (520073) on Monday March 07, 2005 @11:17AM (#11865886) Journal
    In other news, my computer is also prone to failing if I microwave it... hit it with a hammer, or attempt to install water cooling while I'm drunk...
    • Re:wow (Score:5, Funny)

      by Anonymous Coward on Monday March 07, 2005 @11:25AM (#11865984)
      Problem:
      The other thing Microsoft won't tell you is that if paramilitants do a home invasion, they can take your machine right out of the house and have access to all data and the entire network, for that matter.

      Solution: Install complex home alarm system, man traps, CCTV, and acquire armed guards, string up razor wire and dig tunnel system deep in the jungle.

      Ethic:
      I told microsoft that their computers were totally unprotected from physical theft by armed gangs of paramilitants and received no response. I am now sharing this with the community.
    • In this case, your computer is prone to failing when someone else decides that it should go down.

    • Re:wow (Score:3, Insightful)

      by antiMStroll (664213)
      Turning Windows firewall off poses the same risk as a strike with a hammer or microwaving? That's one fragile OS!
    • Re:wow (Score:5, Insightful)

      by Tassach (137772) on Monday March 07, 2005 @11:31AM (#11866063)
      There is NO legitimate reason whatsoever for a modern, patched operating system to be vulnerable to a simple, 8-year-old DOS attack. What's next, reintroduction of the Ping Of Death vulnerability? This is sloppy quality control, pure and simple.

      This incident is just another example which demonstrates the importance (or more accurately, the lack thereof) that Microsoft's corporate culture places on security. Hasn't anyone at Microsoft ever heard about regression testing?

      Microsoft has consistently demonstrated that, regardless of what their press releases say, security is NOT one of their priorities. People need to start waking up and realizing this before they entrust their critical infrastructure to Microsoft products.

      • Re:wow (Score:4, Funny)

        by log0n (18224) on Monday March 07, 2005 @11:45AM (#11866266)
        Personally, I'm hoping WinNuke makes a comeback.
  • News? (Score:5, Insightful)

    by Anonymous Coward on Monday March 07, 2005 @11:18AM (#11865899)
    "Granted, you need to have the firewall turned off for this work, but there's a whole lotta machines that don't have it turned on."

    Machines that are not protected are vulnerable. Well, that isn't really news is it? Sounds pretty silly to me.
    • Re:News? (Score:5, Insightful)

      by A beautiful mind (821714) on Monday March 07, 2005 @11:21AM (#11865945)
      You forgot something:

      A box running no services should not be vulnerable to any DoS except brute force, even without a firewall. A firewall shouldn't be a solution to poor design/implementation problems and code bugs. That is simply not working. What if someone gets through the firewall?
      • Re:News? (Score:3, Insightful)

        by garcia (6573) *
        What if someone gets through the firewall?

        Then you get attacked I guess but I have a feeling that if the firewall is up the would-be attackers would move on to a more vulnerable attacker.
        • Re:News? (Score:3, Insightful)

          It all boils down to risk assessment / management / mitigation. But I'm not talking from the user's viewpoint but the software developer's. I mean you can't just tell the users to install firewalls like Microsoft does because the system is quite flawed in the first place! I cannot stress this enough:

          A system is only as strong as its weakest component

          If you put that on a platform level from the viewpoint of a software developer organization it clearly means that you need to code the system in a way t
        • by mcc (14761)
          If the idea is that your Windows system will remain safe because attackers will be too busy exploiting the slightly-less-protected Windows systems around you to notice you there, this isn't very comforting.
      • Re:News? (Score:5, Informative)

        by InsaneGeek (175763) <slashdot@insanUU ... inus threevowels> on Monday March 07, 2005 @11:32AM (#11866090) Homepage
        The LAND attack requires an open port, so by definition if the system isn't running any services it will have no open ports and not be vulnerable to this attack.
        • Re:News? (Score:5, Funny)

          by JustForMe (863749) on Monday March 07, 2005 @11:40AM (#11866198)
          Windows Server must be running some services, I guess..
          • Re:News? (Score:3, Funny)

            by ErikTheRed (162431)
            Windows Server must be running some services, I guess..
            <Click>... not anymore! (at least for 20 seconds...)
        • Re:News? (Score:5, Insightful)

          by fsck! (98098) <{jacob.elder} {at} {gmail.com}> on Monday March 07, 2005 @11:49AM (#11866328) Homepage

          Generally speaking, just about any Windows instance is going to have at least these ports open:

          Starting nmap 3.75 ( http://www.insecure.org/nmap/ ) at 2005-03-07 11:45 EST
          (The 1659 ports scanned but not shown below are in state: closed)
          PORT STATE SERVICE
          135/tcp open msrpc
          139/tcp open netbios-ssn
          445/tcp open microsoft-ds

          So this could wreak havoc on business or residential networks. But then, I guess this is what you get for giving your users or peers an inappropriate level of trust.

        • by XSforMe (446716) on Monday March 07, 2005 @12:36PM (#11866961)
          The idea behind a server (such as the affected W2K3 server) being connected to a network is to provide a service to the clients. If the machine is not fit to provide services to the network, might as well go back to the store and ask for a reimbursement and exchange to XP workstation.

          The only safe way to safely run this server is to place it behind a SPI firewall. Packet filters will have a hard time detecting and blocking this kind of attack, you will need a full blown SPI to defend and block against these attacks.

          SMCs, Linksys and other consumer level firewalls seem to be vulnerable [homenethelp.com] to this thing, the only thing that might save your server is the NAT they might provide. Of course if you are running your server on a public routable IP, then you better start thinking of running a serious setup there.
    • Re:News? (Score:3, Insightful)

      by BorgDrone (64343)
      "Machines that are not protected are vulnerable. Well, that isn't really news is it?"
      A firewall is an additional level of security, a system should be safe without it.
    • Re:News? (Score:3, Interesting)

      by PyWiz (865118)
      Well, sure, as many people have pointed out, by disabling your firewall you are leaving yourself open to attacks. In addition, the LAND attack is merely a DOS attack and thus does not pose much threat to home computers (and servers would have firewalls).

      However, that is far from the point. The point is that 8 years after an attack was discovered, Microsoft's commercial OS was STILL vulnerable to it. Obviously, if they're leaving themselves open to such vintage attacks as LAND, their security testing proc
  • Windows (Score:5, Funny)

    by Anonymous Coward on Monday March 07, 2005 @11:19AM (#11865908)
    Only one remote hole in the kernel FOR eight years!
  • Wait... (Score:5, Funny)

    by Gorffy (763399) on Monday March 07, 2005 @11:19AM (#11865911) Journal
    You mean to tell me that XP and 2k3 contain buggy legacy code? That IS news!
  • Isn't this EXACTLY what regression tests were designed for?
  • so what? (Score:2, Funny)

    by MC68000 (825546)
    Amazing, if I don't use a firewall, I'm vulnerable. Who would have thought?
  • by MtViewGuy (197597) on Monday March 07, 2005 @11:22AM (#11865947)
    Granted, you need to have the firewall turned off for this work, but there's a whole lotta machines that don't have it turned on.

    ...Isn't the Internet Connection Firewall that comes with Windows XP SP2 turned on by default when you install it in the first place?

    Anyway, given all the warnings about Internet security in the last five years, the majority of users will already have downloaded and installed firewall programs such as ZoneAlarm.

    • by eviltypeguy (521224) on Monday March 07, 2005 @11:29AM (#11866044)
      If you think the majority of users are security minded like that, then why do you think the majority of users have so many problems that could be prevented in the first place by firewalls? Sorry, but my experience has been the opposite of your fairy tale.
      • Why would you want to DOS home computers?
        Servers will have a firewall. Home computers won't, but what's the point then?
        This means pretty much nothing.
        • Every time MS has a security bug that causes millions in damage, MS gets a little bit more egg on their face.

          So now we have Bill Gates and co. coming out and saying, "Windows is our #1 priority." Everyone feels better, because hey... Bill's on the case right?

          Then, out of left-field, it turns out that Windows is vulnerable to an exploit that's practically ancient in the biz. And what if you can get through the firewall somehow? Or what if you're cruising around wireless networks on a laptop?

          This kind of on
        • by nmos (25822)
          Servers will have a firewall. Home computers won't, but what's the point then?


          And when some worm implementing this attack rides inside of the firewall on a laptop or some removable media and attacks from the inside?
    • You haven't met many users outside the IT field apparently. I know plenty of family and friends who've turned off the firewall to play some game and outside the IT field only a single one of my friends or family have heard of ZoneAlarm or anything like it.
  • by hackwrench (573697) <hackwrench@hotmail.com> on Monday March 07, 2005 @11:23AM (#11865963) Homepage Journal
    It may be a little thing called a firewall. A firewall is a spyware-like little piece of software that constantly pings a special server called a firedoor so that spammers, hackers, and their ilk know when your computer is available on the internet. Unfortunately Microsoft refuses to release a patch for this thing but a piece of software called a backdoor can be used to prevent the firewall from doing its dirty work. Download one today!
  • by kakos (610660) on Monday March 07, 2005 @11:24AM (#11865964)
    01 if by LAND, 10 if by SEA
  • by tabkey12 (851759) on Monday March 07, 2005 @11:24AM (#11865973) Homepage
    Blanket Attacks (like blaster, where every windows computer on the net with windows sharing on is hit about 6 times an hour) are usually only viable when the Default configuration is insecure.

    At least with SP2 there is some basic security in terms of the firewall being on by default.

    Still, never thought I'd see a slashdot article linking to a page about Trumpet Winsock in 2005!

  • Safest OS (Score:5, Funny)

    by Virtual Karma (862416) on Monday March 07, 2005 @11:27AM (#11866003) Homepage
    Windows is one of the safest OS around (and to keep it that way it is advised that the computer should not be connected to internet or any other network for that matter)
  • by Nom du Keyboard (633989) on Monday March 07, 2005 @11:27AM (#11866005)
    Ethic:
    Microsoft was informed 7 days ago (25.02.2005, GMT +1, local time), NO answer received, so I decided to share this info with security community.

    Of course they didn't reply. They're under LAND attack, and your message is caught in the server. You must have sent them a proof-of-concept, so what did you expect?

  • by fizbin (2046) <martin&snowplow,org> on Monday March 07, 2005 @11:27AM (#11866008) Homepage
    Quoting from http://www.insecure.org/sploits/land.ip.DOS.html [insecure.org]:
    i recently discovered a bug which freezes win95 boxes. here's how

    it works: send a spoofed packet with the SYN flag set from a host, on an open
    port (such as 113 or 139), setting as source the SAME host and port
    (ie: 10.0.0.1:139 to 10.0.0.1:139). this will cause the win95 machine to lock
    up.
    So it's a way to either remotely lock up or reboot a target machine. I would assume (not having, you know, tried it or anything) that this includes most windows-based webservers.
  • I know the land attack is old, but still, linking to a .c ? Why not link to the description of the attack and let that be enough. I was not aware /. was a scriptkiddie toolz warehouse. As stated by the article, there are still probably a bunch of machines this will affect, and putting a link directly to LAND.c on the main page probably isn't such a good idea. What's next, root kits?

    Tm

    • I know the land attack is old, but still, linking to a .c ? Why not link to the description of the attack and let that be enough. I was not aware /. was a scriptkiddie toolz warehouse. As stated by the article, there are still probably a bunch of machines this will affect, and putting a link directly to LAND.c on the main page probably isn't such a good idea. What's next, root kits?

      Honestly. Why don't you just stick your head in the ground every time there's a problem. If you don't see it, it can't be real
    • by Sycraft-fu (314770) on Monday March 07, 2005 @11:42AM (#11866223)
      I'm not a programmer, so looking through a C file isn't likely to give me any useful information, unless it's in comments at the beginning of the code. What's more, I imagine even programmers would rather just hear a summary than have to sit there and look through a bunch of code to figure out what it does.

      I mean ethical issues aside, it's just not that helpful to most people. I'm sure most people thought "WTF is a LAND attack?" and clicked on the link to see. Getting a C file, is probably not the answer they wanted, especially given that it doesn't seem to be transferring, so I can't even see if it has useful comments or not.

      When doing /. stories, link to relevant and if possible, concise descriptions of terms that people are likely to be unfamiliar with. If you want to provide a link to source, do it separately and note it as such.
    • UNLABELED too. (Score:5, Insightful)

      by Ungrounded Lightning (62228) on Monday March 07, 2005 @11:43AM (#11866247) Journal
      I know the land attack is old, but still, linking to a .c ? I was not aware /. was a scriptkiddie toolz warehouse.

      Not only that, it was unlabeled. That means anybody who followed the link now has a copy of the malware in their machine's webcache, minimum. And if they saved it (to keep the list of vulnerable configurations, for example) they have the malware itself.

      This simultaneously puts a bunch of slashdot readers at legal risk (from false prosecution and/or in-court character assassination, based on evidence from a seized computer) and gives real baddies plausible deniability.
    • by keen (86192) on Monday March 07, 2005 @11:45AM (#11866281)
      Security through obscurity doesn't work. Here's the important part of the source :) Basically it just sends a SYN packet which has the target's address as the source and the destination (same port as well).

      ---snip---
      bzero(&buffer,sizeof(struct iphdr)+sizeof(struct tcphdr));
      ipheader->version=4;
      ipheader->ihl=sizeof(struct iphdr)/4;
      ipheader->tot_len=htons(sizeof(struct iphdr)+sizeof(struct tcphdr));
      ipheader->id=htons(0xF1C);
      ipheader->ttl=255;
      ipheader->protocol=IP_TCP;
      ipheader->saddr=sin.sin_addr.s_addr;
      ipheader->daddr=sin.sin_addr.s_addr;

      tcpheader->th_sport=sin.sin_port;
      tcpheader->th_dport=sin.sin_port;
      tcpheader->th_seq=htonl(0xF1C);
      tcpheader->th_flags=TH_SYN;
      tcpheader->th_off=sizeof(struct tcphdr)/4;
      tcpheader->th_win=htons(2048);

      bzero(&pseudoheader,12+sizeof(struct tcphdr));
      pseudoheader.saddr.s_addr=sin.sin_addr.s_addr;
      pseudoheader.daddr.s_addr=sin.sin_addr.s_addr;
      pseudoheader.protocol=6;
      pseudoheader.length=htons(sizeof(struct tcphdr));
      bcopy((char *) tcpheader,(char *) &pseudoheader.tcpheader,sizeof(struct tcphdr));
      tcpheader->th_sum=checksum((u_short *) &pseudoheader,12+sizeof(struct tcphdr));
      ---snip---
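
The packet shape described in the comment above (a SYN whose source address and port equal its destination address and port) can be recognised on the receive side with a few header comparisons. This is an added example, not part of the original thread or of the linked source; the function name `classify_land`, the verdict enum and both sample packets are constructed for illustration, and checksums are deliberately not verified.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum land_verdict { LAND_NO = 0, LAND_MATCH = 1, LAND_MALFORMED = -1 };

/* Constructed sample: TCP SYN, 10.0.0.1:139 -> 10.0.0.1:139 (checksums zeroed). */
static const uint8_t SAMPLE_LAND[40] = {
    0x45,0x00,0x00,0x28, 0x0f,0x1c,0x00,0x00, 0xff,0x06,0x00,0x00,
    0x0a,0x00,0x00,0x01, 0x0a,0x00,0x00,0x01,            /* src == dst */
    0x00,0x8b,0x00,0x8b, 0x00,0x00,0x0f,0x1c, 0x00,0x00,0x00,0x00,
    0x50,0x02,0x08,0x00, 0x00,0x00,0x00,0x00             /* flags = SYN */
};

/* Constructed sample: ordinary SYN, 10.0.0.2:49153 -> 10.0.0.1:139. */
static const uint8_t SAMPLE_BENIGN[40] = {
    0x45,0x00,0x00,0x28, 0x00,0x01,0x00,0x00, 0x40,0x06,0x00,0x00,
    0x0a,0x00,0x00,0x02, 0x0a,0x00,0x00,0x01,
    0xc0,0x01,0x00,0x8b, 0x00,0x00,0x00,0x01, 0x00,0x00,0x00,0x00,
    0x50,0x02,0x08,0x00, 0x00,0x00,0x00,0x00
};

/*
 * Classify one raw IPv4 packet (starting at the IP header).
 * LAND_MATCH:     TCP, SYN set, source address == destination address
 *                 and source port == destination port.
 * LAND_MALFORMED: too short or inconsistent header lengths; a filter
 *                 would normally drop these as well.
 * LAND_NO:        anything else.
 */
enum land_verdict classify_land(const uint8_t *pkt, size_t len)
{
    if (pkt == NULL || len < 20 || (pkt[0] >> 4) != 4)
        return LAND_MALFORMED;

    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;   /* IP header length in bytes */
    if (ihl < 20 || ihl > len)
        return LAND_MALFORMED;

    if (pkt[9] != 6)                            /* protocol field: 6 = TCP */
        return LAND_NO;

    /* Non-first fragments carry no TCP header, so ports/flags are absent. */
    uint16_t frag_off = (uint16_t)(((pkt[6] & 0x1f) << 8) | pkt[7]);
    if (frag_off != 0)
        return LAND_NO;

    if (len - ihl < 14)                         /* need bytes up to the flags */
        return LAND_MALFORMED;

    const uint8_t *tcp = pkt + ihl;
    int same_addr = memcmp(pkt + 12, pkt + 16, 4) == 0;
    int same_port = memcmp(tcp, tcp + 2, 2) == 0;
    int syn       = (tcp[13] & 0x02) != 0;

    return (same_addr && same_port && syn) ? LAND_MATCH : LAND_NO;
}

int main(void)
{
    printf("land sample:   %d\n", classify_land(SAMPLE_LAND, sizeof SAMPLE_LAND));
    printf("benign sample: %d\n", classify_land(SAMPLE_BENIGN, sizeof SAMPLE_BENIGN));
    printf("truncated:     %d\n", classify_land(SAMPLE_LAND, 30));
    return 0;
}
```
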
  • Open ports (Score:5, Insightful)

    by ca1v1n (135902) <snookNO@SPAMguanotronic.com> on Monday March 07, 2005 @11:27AM (#11866010)
    Of course, some windows machines need to have open ports, like, say, if they're offering *services*. So really, your mundane desktop need not be affected. It's the production server you should be quite terrified about.
  • Can anyone confirm? (Score:5, Interesting)

    by Anonymous Coward on Monday March 07, 2005 @11:27AM (#11866013)
    A friend showed this to me a few days ago and I was unable to reproduce the attack over the LAN, both with my own code and some code of the original LAND found with google. Both were run from linux by opening a raw socket, filling in ip and tcp headers including checksums using the structs in ip.h and tcp.h, and sending with sendto(). In both cases ethereal would show the packet as received but the machine would operate normally.
  • by Billy Bo Bob (87919) on Monday March 07, 2005 @11:28AM (#11866030)
    8 years is hardly enough to figure out how to patch windows.

    Besides, like everyone here says, it is the user's own fault for not using a firewall. Having an expectation that 8 yr old attacks should be fixed is just unreasonable.

    WTF, are you all on crack?
  • If I read correctly:

    Sending TCP packet with SYN flag set, source and destination IP address and source
    and destination port as of destination machine, results in 15-30 seconds DoS condition.


    So sending such a packet every 10 seconds to a Windows internet (http) host will make it disappear from the internet? DOS attack? That is lame.

  • Retro! (Score:5, Funny)

    by bigtallmofo (695287) on Monday March 07, 2005 @11:29AM (#11866048)
    I remember the days of Ping of Death, Land, Teardrop, New Tear, Bork, etc.

    Now that my WinXP SP2 system is susceptible to land again, it's getting me into a nostalgic mood. I think I'll go play Ms PacMan on my MAME cabinet now.
  • Am I vulnerable? (Score:3, Interesting)

    by SteelV (839704) on Monday March 07, 2005 @11:31AM (#11866061)
    I have yet to install SP2 because I heard it hurts performance of some computer games, which is mainly what I use my windows PC for.

    I am otherwise up-to-date with windows updates. I have a linksys router for my internet connection, but no software firewall.

    Am I vulnerable to this and other issues? Should I update to SP2 already (the first time I tried it crashed while installing, didn't even work, but I could prob. get it to work next time). Or should I stay with SP1 for games?

    Thank you.
  • Big deal... (Score:3, Interesting)

    by 14erCleaner (745600) <FourteenerCleaner@yahoo.com> on Monday March 07, 2005 @11:37AM (#11866152) Homepage Journal
    Denial of service attacks are so twentieth-century.

    We've moved on to more productive uses of vulnerable machines (e.g. spam zombies). Who wants to do a DOS attack on a machine without a firewall anyway? What's the point?

  • by writermike (57327) on Monday March 07, 2005 @11:40AM (#11866202)
    Experts say servers are vulnerable to the infamous CAFE attack. One drop can take down an entire network!

    Granted you have to have a computer next to a cup of coffee for this to work, but MANY PEOPLE DO!!!!!!!!!!
  • by YetAnotherName (168064) on Monday March 07, 2005 @11:41AM (#11866219) Homepage
    Vizzini: You only think I guessed wrong - that's what's so funny. I switched glasses when your back was turned. Ha-ha, you fool. You fell victim to one of the classic blunders, the most famous of which is "Never get involved in a land war in Asia", but only slightly less well known is this: "Never go in against a Sicilian, when *death* is on the line.". Hahahahahah. [Vizzini falls over dead]

    (Yeah, off topic, I don't care.)
  • by Tethys_was_taken (813654) on Monday March 07, 2005 @11:48AM (#11866316) Homepage
    Found inside the source file:
    Date: Thu, 20 Nov 1997 19:40:19 -0500
    Reply-To: m3lt <meltman@LAGGED.NET>
    Subject: new TCP/IP bug in win95

    hi,

    i recently discovered a bug which freezes win95 boxes. here's how
    it works: send a spoofed packet with the SYN flag set from a host, on an open
    port (such as 113 or 139), setting as source the SAME host and port
    (ie: 10.0.0.1:139 to 10.0.0.1:139). this will cause the win95 machine to lock
    up.

    the piece of code included in this message does that, so... have fun!

    i haven't tested this bug on other platforms, i don't have the
    resources. please feel free to do so.

    m3lt
    meltman@lagged.net
  • by saigon_from_europe (741782) on Monday March 07, 2005 @11:53AM (#11866373)
    Just 5 minutes before I read this post, I turned firewall on my WinXP SP2 machine off, testing something on our LAN.

    Can you imagine what amount of fear I felt when I realized that this guy lived only 2 miles from my office...
  • Damnit! (Score:4, Interesting)

    by GoNINzo (32266) <GoNINzo@[ ]oo.com ['yah' in gap]> on Monday March 07, 2005 @11:53AM (#11866385) Journal
    I pointed this out YEARS ago [linuxsecurity.com]. I just don't understand why the updated winsock didn't get used in 2k when they overhauled the tcp stack. (and wow is that an old email addy. heh)
  • Malware (Score:3, Insightful)

    by aug24 (38229) on Monday March 07, 2005 @11:58AM (#11866453) Homepage
    Would all you morons shouting about firewalls shut up for thirty seconds and consider the following scenario:

    User is in big corp behind firewall.
    User receives email claiming to be something or other.
    User runs attachment.
    All 'doze boxes in big corp stop working.

    Firewalls are (a) not the answer to all crap coding and (b) not perfect solutions even so.

    Justin.
  • exploit (Score:5, Informative)

    by imipak (254310) on Monday March 07, 2005 @12:32PM (#11866888) Journal
    Courtesy of the fine (French) folk at k-otik.org... an exploit [k-otik.com].

    Unfortunately the b0rked Slashdot lameness filter won't allow code to be posted even when 'post as code' is selected :?

  • by prisoner-of-enigma (535770) on Monday March 07, 2005 @12:40PM (#11867017) Homepage
    Granted, you need to have the firewall turned off for this work, but there's a whole lotta machines that don't have it turned on.

    OK, so what you're saying is that in order for XP to be vulnerable, it must be directly connected to the Internet, the user must specifically have disabled the firewall, and no intermediate firewall must be present.

    At what point do we cease blaming Microsoft for stupid user tricks? I mean, Microsoft has freely given SP2 to anyone who wants it. Pretty soon it will be a mandatory download from WindowsUpdate. People bitched and moaned for years that Microsoft didn't do enough for security and didn't default to having updates apply automatically. But when Microsoft finally does improve security (with a better firewall) and tries to turn it all on by default, everyone griped. Damned if you do...

    Look, if a Windows zealot took something like Fedora, turned on a bunch of services, turned off the firewall, and then griped because his box got hacked, Slashdotters everywhere would be screaming that this guy was a fool, that Linux security is great when it's not sabotaged by an idiot at the keyboard. And they'd be right. But when an attack requires that a Windows user actively subvert the very security measures Microsoft's put in place to protect him, everybody blames Microsoft. Nope, no bias to see here, citizens, please move along.
    • OK, so what you're saying is that in order for XP to be vulnerable, it must be directly connected to the Internet, the user must specifically have disabled the firewall, and no intermediate firewall must be present.

      Although it's a good idea to have an intermediate firewall to catch obviously bogus packets, that's not an excuse for Microsoft to be sloppy.

      As for disabling the firewall, while that's probably a bad idea for Joe Home User, what if I want to run my web site off of a Window XP box? Presumably

  • Ho hum (Score:3, Informative)

    by mogrify (828588) on Monday March 07, 2005 @12:46PM (#11867084) Homepage
    I hit a Windows XP SP1 box with this to no effect. I had to make some changes to even compile it (http://mixter.void.ru/glibc.txt [mixter.void.ru]). But the test box didn't blink.
  • by duncanthrax (149400) on Monday March 07, 2005 @01:27PM (#11867576) Homepage
    Yes, it actually works on SP2. Fire up Task Manager and watch CPU load reach 100% for ~10 seconds for a single packet.

    Here's [duncanthrax.net] the code that should compile on Linux.
  • by GPLDAN (732269) on Monday March 07, 2005 @02:03PM (#11867990)
    Windows users are vulnerable to Land Sharks.

    Knock knock.
    Who's there?
    Pizza man.
    I didn't order a pizza.
    (pause)
    Mailman.
    Today is Sunday, there is no mail.
    (pause)
    Doorman.
    Our building has no doorman.
    (pause)
    Travelling salesman.
    I don't want anything.
    (pause)
    Gumby.
    Oh, it's Gumby!
    (opens door)
    RARRRRRRR!!!!!
  • by IchBinEinPenguin (589252) on Monday March 07, 2005 @08:58PM (#11872720)
    ... backwards-compatibility.

    Let's see OSS match this! A bug, almost a decade old, STILL SUPPORTED!
