[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Hack Microsoft
On Thu, 28 Sep 1995, Perry E. Metzger wrote:
> Thats almost an invitation to hack Microsoft's web products, isn't it?
Not a real attack- cos it's just a Denial Of Service, but it is kind of
amusing...
Windows NT has an interesting property in its handling of TCP connection
establishment. NT has a small limit on the maximum size of its listen
queue - it also handle queue overflow in a different way to BSD derived
stacks. Instead of just dropping the connection request, and allowing the
client TCP to retry automatically, NT sends a RST packet that aborts the
connection.
Ok, you can shutdown just about anything on the Net right now, and there
won't be a real defence possible until IPSEC starts getting installed,
but microsoft makes it much too easy.
Simon