TCP/IP 'Chorusing' Windows DoS

medium Nessus Plugin ID 10276

Synopsis

The remote OS may facilitate a denial of service attack.

Description

Microsoft Windows 95 and 98 clients have the ability to bind multiple TCP/IP stacks on the same MAC address, simply by having the protocol added more than once in the Network Control panel.

The remote host has several TCP/IP stacks with the same IP bound on the same MAC address. As a result, it will reply several times to the same packets, such as by sending multiple ACK to a single SYN, creating noise on your network. If several hosts behave the same way, then your network will be brought down.

Solution

Remove all the IP stacks except one in the remote host.

Plugin Details

Severity: Medium

ID: 10276

File Name: tcp_chorusing.nasl

Version: 1.32

Type: remote

Family: Denial of Service

Published: 10/31/1999

Updated: 3/6/2019

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5.7

Temporal Score: 4.2

Vector: CVSS2#AV:A/AC:M/Au:N/C:N/I:N/A:C

Vulnerability Information

Excluded KB Items: SMB/WindowsVersion

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 2/6/1999

Reference Information

CVE: CVE-1999-1201

BID: 225

Detections

Analytics