NT basically sucks



One more good reason why Linux is better than WindozeNT:

---------- Forwarded message ----------
Date: Wed, 22 Jan 1997 06:25:47 +0900
From: "Jason T. Luttgens" <luttgenj@kic.or.jp>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
Subject: NT4 bug? Or bug in my hardware?

Can anyone confirm this? On an NT4 server (maybe workstation too, I don't have it to try),
if you telnet to port 135, type a bunch of junk (say 10-20 characters), hit enter and disconnect,
the server's processor utilization will go up to 100%!!! The only fix I found was to reboot.
I tried with and without SP2.....same result. The installation is 'out of the box' with standard
default install options, of course including TCP/IP. I have no other NT4 servers to try this on
and was wondering if I could get someone to try and confirm this .....

Luck


..Then, from Aleph One:
-----------------------------------------------------------------

>From aleph1@dfw.net Wed Jan 22 20:38:42 1997
Date: Wed, 22 Jan 1997 14:38:07 -0600
From: Aleph One <aleph1@dfw.net>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
Subject: NT RPC Service Bug

  There have been several dozen replies to the original message. I
summarize here:

  The bug seems to exist in NT Server and Workstation 4.0, with or without
SP1 and/or SP2. In other words all versions. Some people report the
problem also exists on NT 3.51. A small group of people report it did not
work for them but did not give enough information to figure out if the RPC
service was simply not running, what build of NT they had, or if their
testing methodology was wrong. So it's safe to assume the vulnerability exists
in most NT installations.

  For it to work you must have the 'RPC Configuration' service installed.
This is the default. Port 135 is defined in RFC1060 as:

135       LOC-SRV    Location Service                         [JXP]

  You must connect to port 135 using TCP, send some random characters,
and disconnect. You MUST send a series of characters. If you just connect
and disconnect from the port it won't work. My testing shows that in some
instances the CPU usage will rise but come back down in a few seconds. I
believe it may have something to do with the string you send to it. If your
CPU usage did not stay at 100% try again with a different string.

  After you disconnect the rpcss.exe process will start consuming all
available process cycles. NT does not allow you to kill rpcss.exe even
under normal operation. You must reboot the machine to get rid of it. You
will still be able to launch other applications (the NT scheduler will
give them CPU time), but they will run very slowly and the CPU will stay
at 100% utilization. The performance monitor shows that roughly rpcss.exe
spends 20% of the time in user mode, and 80% of the time in system mode.

Aleph One / aleph1@dfw.net
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61  8C 39 EA 47 A8 6A B8 01
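
A defensive check for the behaviour described in this thread, added here as an example and not code from either poster: it looks at the first bytes a client sent to TCP port 135 and flags sessions that do not open with a well-formed DCE/RPC connection-oriented header (the 16-byte common header of the DCE 1.1 RPC specification, which the Windows RPC service on port 135 speaks). The function names, the session-record shape and the sample payloads are constructed for illustration.

```python
import struct

HEADER_LEN = 16   # DCE/RPC connection-oriented common header size
MAX_PTYPE = 19    # highest PDU type number defined in DCE 1.1 (orphaned)

def classify_first_payload(payload: bytes) -> str:
    """Classify the first bytes a client sent to TCP port 135."""
    if not payload:
        return "empty"                      # connect, then disconnect
    if len(payload) < HEADER_LEN:
        return "junk:short"
    vers, minor, ptype, _flags = payload[:4]
    if vers != 5 or minor not in (0, 1):    # rpc_vers / rpc_vers_minor
        return "junk:version"
    if ptype > MAX_PTYPE:
        return "junk:ptype"
    int_format = payload[4] >> 4            # drep: 0 = big-endian, 1 = little
    if int_format not in (0, 1):
        return "junk:drep"
    fmt = "<HHI" if int_format == 1 else ">HHI"
    frag_len, auth_len, _call_id = struct.unpack_from(fmt, payload, 8)
    if frag_len < HEADER_LEN or auth_len > frag_len - HEADER_LEN:
        return "junk:length"
    return "rpc"

def suspicious_sessions(sessions):
    """Return (client, verdict) for sessions that did not open with DCE/RPC."""
    flagged = []
    for client, payload in sessions:
        verdict = classify_first_payload(payload)
        if verdict.startswith("junk"):
            flagged.append((client, verdict))
    return flagged

# Constructed sample data (not captured traffic): a minimal bind PDU header
# followed by a zeroed body, and two keyboard-junk payloads.
VALID_BIND = struct.pack("<BBBB4sHHI", 5, 0, 11, 0x03,
                         b"\x10\x00\x00\x00", 72, 0, 1) + bytes(56)
SAMPLE_SESSIONS = [
    ("192.0.2.10", VALID_BIND),
    ("192.0.2.20", b"asdfghjklqwertyuiop\r\n"),
    ("192.0.2.21", b"xxxxxxxxxx\r\n"),
    ("192.0.2.30", b""),
]

if __name__ == "__main__":
    for client, verdict in suspicious_sessions(SAMPLE_SESSIONS):
        print(client, verdict)
```

An empty session is reported separately and not flagged, matching the observation above that connecting and disconnecting without sending characters has no effect.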




Last modified: September 2010 (webmaster@luga.at)