Re: Kerberos DoS (Windows 2000)

From: Thomas J Ackermann (thomas@ddos.com)
Date: Wed Aug 06 2003 - 19:11:07 EDT


In-Reply-To: <BAY2-DAV66Cxy1tQKrV00020bd4@hotmail.com>

Yep, you can use Synk4 and configure it to attack ports 88 and 464. Works
within seconds (low-level bandwidth attack).

You can google for Synk4 or get it off our FIRE disk.

>
>G'day,
>
> Anyone out there found an easy (script-kiddie) way to demonstrate this
>as a genuine vuln during a test? I've googled but can't find an exploit for
>this other than the text reading ...
>
>----------------------=[Detailed Description]=------------------------
>By creating a connection to the kerberos service and then disconnecting
>again, without reading from the socket, the LSA subsystem will leak
>memory. After about 4000 connections the kerberos service will stop
>accepting connections to tcp ports 88 (kerberos) and 464 (kpasswd) and
>all domain authentication will effectively have died (if the target
>was a domain controller).
>
>
>It requires a reboot to recover from the attack.
>
>
>---------------------------=[Workaround]=-----------------------------
>
>
>
> Since everyone on the list should know by now my programming abilities
>stopped at 'hello world' any pointers would be gratefully accepted.
>
>Yours
>
>Ian
>
----------------------------------------------------------------------------
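
An added detection example, not part of the original thread or of either poster's code: the quoted description (many connections to TCP 88 and 464 that are dropped without a Kerberos exchange, failure after about 4000) suggests alerting on per-source bursts of empty connections to the KDC ports. The log format, the 60-second window, the 500-connection threshold and the use of "zero client bytes" as the marker for an empty connection are assumptions, and the sample data is constructed.

```python
from collections import defaultdict, deque

KDC_PORTS = {88, 464}   # kerberos and kpasswd, per the quoted advisory
WINDOW_S = 60           # assumed sliding window, in seconds
THRESHOLD = 500         # assumed alert level, well under the ~4000 quoted


def parse(line):
    """Parse 'epoch src dst_port client_bytes' (constructed log format)."""
    ts, src, port, nbytes = line.split()
    return float(ts), src, int(port), int(nbytes)


def find_noisy_sources(lines, window=WINDOW_S, threshold=THRESHOLD):
    """Return {src: peak count} for sources whose empty connections to the
    KDC ports reach `threshold` within any `window`-second span."""
    recent = defaultdict(deque)   # src -> timestamps still inside the window
    peaks = {}
    for ts, src, port, nbytes in sorted(map(parse, lines)):
        if port not in KDC_PORTS or nbytes > 0:
            continue              # assumption: empty means no client payload
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()           # drop timestamps that fell out of the window
        if len(q) >= threshold:
            peaks[src] = max(peaks.get(src, 0), len(q))
    return peaks


def sample_log():
    """Constructed sample: one client with ordinary requests, one opening
    many empty connections to ports 88 and 464."""
    lines = []
    for i in range(40):           # ordinary client: requests carry payload
        lines.append(f"{1000 + i * 5} 10.0.0.21 88 300")
    for i in range(600):          # empty connections, 20 per second
        port = 88 if i % 2 == 0 else 464
        lines.append(f"{1000 + i * 0.05:.2f} 10.0.0.99 {port} 0")
    return lines


if __name__ == "__main__":
    for src, peak in find_noisy_sources(sample_log()).items():
        print(f"{src}: {peak} empty KDC connections within {WINDOW_S}s")
```

The same counting can be fed from firewall or flow records on a domain controller; the threshold should sit far enough below the failure point to leave time to block the source before a reboot is needed.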


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:38 EDT