More reasons I dislike Microsoft
Mar. 7th, 2005 01:08 pm
There was a recent LJ entry in which there was discussion in the comments about Microsoft's bugs. I think I found a good example of how they handle their bugs which really irritates me and makes me not want to do business with them.
First, a little history. Back in 1997, someone discovered the LAND attack. The way that worked was that you would send a spoofed TCP SYN packet to a Windows 95 machine, with the same source address and port as that of the destination, and it would put the machine into an infinite loop. For example, if you had a machine at address 192.168.1.1 that was running a webserver on port 80, you would send a spoofed SYN packet that had a source address of 192.168.1.1 and a source port of 80. The Windows machine would then try sending a SYN ACK to... 192.168.1.1:80, and that packet would go into a loop.
Okay, so that was a nasty bug. But everyone makes mistakes. In fact, reading that article, one can see that there were many other vendors that were also affected.
7 long years go by, which is more than enough time to fix this bug. Yet 2 days ago, I saw this message on Bugtraq:
Windows Server 2003 and XP SP2 (with Windows Firewall turned off) are vulnerable to LAND attack.
LAND attack:
Sending TCP packet with SYN flag set, source and destination IP address and source and destination port as of destination machine, results in 15-30 seconds DoS condition.
Tools used:
IP Sorcery for creating malicious packet, Ethereal for sniffing it and tcpreplay for replaying.
Results:
Sending single LAND packet to file server causes Windows explorer freezing on all workstations currently connected to the server. CPU on server goes 100%. Network monitor on the victim server sometimes can not even sniff malicious packet. Using tcpreplay to script this attack results in total collapse of the network.
Vulnerable operating systems:
Windows 2003
XP SP2
[snip]
So, just to recap: There is a serious bug that can allow anyone on the planet with an Internet connection to cripple a machine with a single packet. 7 years have gone by, and this bug still exists in Microsoft products.
But hey, I hear the new version of Microsoft Word is out, and this one includes a version of Clippy that can speak Ebonics and Jive! I'm glad that Microsoft has its priorities in place.
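The packet pattern described above (a TCP SYN whose source address and port equal its destination address and port) is easy to recognize at a filter or sensor. The following is an added example, not code from the original post or the Bugtraq message; the function names and every sample packet other than the 192.168.1.1:80 case are constructed for illustration.

```python
import socket
import struct

SYN = 0x02  # TCP SYN flag bit


def is_land_packet(pkt: bytes) -> bool:
    """Return True if a raw IPv4 packet is a TCP SYN whose source address and
    port equal its destination address and port (the LAND pattern)."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return False                       # truncated or not IPv4
    ihl = (pkt[0] & 0x0F) * 4              # IP header length; options shift the TCP header
    if ihl < 20 or pkt[9] != socket.IPPROTO_TCP or len(pkt) < ihl + 14:
        return False
    if struct.unpack("!H", pkt[6:8])[0] & 0x1FFF:
        return False                       # non-first fragment carries no TCP header
    src_ip, dst_ip = pkt[12:16], pkt[16:20]
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    flags = pkt[ihl + 13]
    return bool(flags & SYN) and src_ip == dst_ip and sport == dport


def _sample(src, dst, sport, dport, flags, options=b""):
    """Constructed test fixture: IPv4 + TCP header bytes with checksums left zero."""
    ihl_words = 5 + len(options) // 4
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl_words, 0,
                     40 + len(options), 0, 0, 64, socket.IPPROTO_TCP, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    return ip + options + tcp


# Constructed samples: (label, packet bytes)
SAMPLES = [
    ("land pattern from the post", _sample("192.168.1.1", "192.168.1.1", 80, 80, SYN)),
    ("ordinary client SYN", _sample("192.168.1.50", "192.168.1.1", 49152, 80, SYN)),
    ("same address, different ports", _sample("192.168.1.1", "192.168.1.1", 49152, 80, SYN)),
    ("same tuple, ACK only", _sample("192.168.1.1", "192.168.1.1", 80, 80, 0x10)),
    ("land pattern with IP options", _sample("192.168.1.1", "192.168.1.1", 80, 80, SYN,
                                             options=b"\x01\x01\x01\x01")),
]

if __name__ == "__main__":
    for label, pkt in SAMPLES:
        print(f"{label:32s} -> {'DROP' if is_land_packet(pkt) else 'pass'}")
```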