DoS attack storms port 445

Security experts have warned that default registry settings on Windows 2000 boxes could allow a malicious user to cause a denial of service (DoS) attack through port 445.

Research from analyst KPMG Denmark found that default registry settings in the Windows 2000 Lanman network management service could allow a user with access to TCP port 445, also known as the Microsoft-ds port, to effect a DoS attack.

Both desktop and server versions of Windows 2000 are vulnerable.

"Sending malformed packets to the Microsoft-ds port [TCP 445] can result in kernel resources being allocated by the Lanman service," said KPMG. "The consequences of such an attack could vary from the Windows 2000 host completely ignoring the attack, to a blue screen."

The attack is also very simple to carry out. "An attack could be something as simple as sending a continuous stream of 10K null chars to TCP port 445," the analyst said.

The management service in Windows 2000 would keep allocating kernel memory until all processing power was used up.

"It would frequently be possible to cause the system service to enter a state where it constantly used 100 per cent CPU usage," said KPMG. "A PC was left in this state over the weekend to see if it would recover on its own. It did not."

Microsoft has been alerted and released a paper earlier this week describing the problem and possible solutions. This can be read here.

• Tweet  
• Facebook  
•  
•  
• Send to  

• Topics
• Security