https://isc.sans.edu/forums/diary/SMBLoris+the+new+SMB+flaw/22662/
However, this post: https://threatpost.com/windows-smb-zero-day-to-be-disclosed-during-def-con/126927/ seems to indicate that this only affects SMB1: “The case offers no serious security implications and we do not plan to address it with a security update,” a Microsoft spokesperson told Threatpost. “For enterprise customers who may be concerned, we recommend they consider blocking access from the internet to SMBv1.” I'm not sure that's the case, so I'm waiting on further word. Kurt On Mon, Jul 31, 2017 at 10:17 AM, Ed Ziots <[email protected]> wrote: > Sorry for the hijack of the thread but wanted to give the list a heads up on > a new 0-day in Windows, based off Shadow-Brokers attacks, there is a new > tool called smbloris which was released at defcon which can DOS a Windows > box within minutes. > > See the Isc.sans.edu main page for more information. > > Also all presentations from Defcon25 are on the defcon media server > (media.defcon.org) > > Happy Monday, > Ed >
