The easiest way to inflict damage on a system host is to exploit known structural weaknesses or bugs in the operating system or TCP/IP stack to cause the host to stop functioning in some important way. The intruder doesn't obtain any direct control or valuable data, and thus denial-of-service attacks are more akin to vandalism. All network operating systems are potentially vulnerable to denial-of-service attacks and NT has had problems in the past. NT 3.51 and earlier versions contained several bugs that vandals could exploit to cause it to stop working, and even early versions of NT 4.0 were vulnerable. Prior to NT 4.0 Service Pack 3, an intruder could crash NT Server by starting a TCP session and then, before exchanging any data, sending a packet with the Out of Band (OOB) flag set, a special condition that NT's TCP stack simply wasn't expecting. In addition, NT's DNS server was vulnerable to deliberately submitted responses for which it hadn't issued a query. NT's FTP server was also vulnerable to the deliberately erroneous command "GET ../.." and Internet Information Server 1.0 was vulnerable to a URL in the form of http://hostname.com/../../. Connecting via Telnet to port 135 on an NT host and sending any text would start consuming 99 percent of the host's CPU time, thereby making the host unusable. All of the denial-of-service attacks mentioned above were fixed by Service Pack 3, which underscores the importance of installing these Service Packs on a timely basis. This is especially true for servers exposed directly to the Internet. Because installing Service Packs can be a tricky and time-consuming proposition, customers should also consider availing themselves of basic firewall protection until they can install the Service Pack. For example, a simple packet filter can effectively thwart the port 135 Telnet attack. Another important lesson from the history of denial-of-service attacks is that they are relatively easy to mount and new ones may easily arise at any time. All of the OS developers, including Microsoft, do their best to anticipate these attacks, but customers will serve themselves best if they assume that something new might slip through. The best general defenses against denial-of-service attacks are properly implemented firewalls and ongoing vigilance. For more information on firewall protection, see the Network Strategy Report "Firewall Architecture and Implementation."
|
|
|
|
|
|
|
|