Yep, you can use Synk4 and configure it to attack ports 88 and 464. Works within seconds (low-level bandwidth attack). You can google for Synk4 or get it off our FIRE disk.

>G'day,
>
> Anyone out there found an easy (script-kiddie) way to demonstrate this
>as a genuine vuln during a test? I've googled but can't find an exploit for
>this other than the text reading ...
>
>----------------------=[Detailed Description]=------------------------
>By creating a connection to the kerberos service and then disconnecting
>again, without reading from the socket, the LSA subsystem will leak
>memory. After about 4000 connections the kerberos service will stop
>accepting connections to tcp ports 88 (kerberos) and 464 (kpasswd) and
>all domain authentication will effectively have died (if the target
>was a domain controller).
>
>It requires a reboot to recover from the attack.
>
>---------------------------=[Workaround]=-----------------------------
>
> Since everyone on the list should know by now my programming abilities
>stopped at 'hello world' any pointers would be gratefully accepted.
>
>Yours
>
>Ian
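For the monitoring side of the condition the quoted advisory describes (many connections to TCP 88 and 464 that are opened and dropped), here is a detection sketch added as an example; it is not part of the original thread. The record format, the zero-payload heuristic, the window and the threshold are all assumptions, and the sample records are constructed.

```python
from collections import defaultdict, deque

KDC_PORTS = {88, 464}   # kerberos and kpasswd, the ports named in the advisory
WINDOW_SECONDS = 60     # assumption: sliding window length
THRESHOLD = 200         # assumption: alert far below the ~4000 the advisory cites

def build_sample():
    """Constructed records: (epoch_seconds, src_ip, dst_port, bytes_from_client)."""
    records = []
    # Ordinary client: a handful of connections, each carrying a request.
    for i in range(5):
        records.append((1000 + i * 10, "10.0.0.21", 88, 1400))
    # Anomalous client: rapid connect/disconnect with no payload at all.
    for i in range(300):
        port = 88 if i % 2 else 464
        records.append((1000 + i * 0.1, "10.0.0.99", port, 0))
    return sorted(records)

def find_empty_connection_floods(records, window=WINDOW_SECONDS,
                                 threshold=THRESHOLD):
    """Return {src_ip: time_of_first_alert} for sources that open at least
    `threshold` zero-payload connections to KDC ports within `window` seconds.
    Zero client payload is used as a proxy (assumption) for the
    connect-then-disconnect pattern; flow logs cannot show an unread socket."""
    recent = defaultdict(deque)   # src_ip -> timestamps of empty connections
    alerts = {}
    for ts, src, port, nbytes in records:
        if port not in KDC_PORTS or nbytes > 0:
            continue
        q = recent[src]
        q.append(ts)
        # Drop timestamps that have aged out of the window.
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold and src not in alerts:
            alerts[src] = ts
    return alerts

if __name__ == "__main__":
    for src, ts in find_empty_connection_floods(build_sample()).items():
        print(f"ALERT {src}: {THRESHOLD}+ empty connections to 88/464 by t={ts:.1f}")
```

Since the advisory says recovery requires a reboot, the threshold should sit far enough below the failure point that an alert arrives while the service still accepts connections.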
