Title: Microsoft NT 4.0 SynAttackProtect Denial of Service Vulnerability
Severity: MODERATE
Description:
The article "Security Considerations for Network Attacks" (http://www.microsoft.com/TechNet/security/dosrv.asp) published by Microsoft details best practices to protect Windows NT against denial of service attacks. It includes a number of recommended registry configurations to harden the network stack. One particular suggested setting, "SynAttackProtect", has been shown to render a Windows NT 4.0 system vulnerable to a remotely exploitable denial of service attack.
In the document "Security Considerations for Network Attacks", it states that the value for REG_DWORD for the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
should be set to '2' rather than the default value of '0' in order to circumvent SYN attacks. However, when the value is configured as '2', Windows NT 4.0 will be vulnerable to a denial of service attack. If the CyberCop TCP Sequence Number Prediction attack (Module 13002) (or equivalent) is launched against a host with this registry setting, it may crash requiring a reboot to regain system functionality. It is not exactly known what causes this to occur.
Affected Products:
- Microsoft Windows NT 4.0
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Workstation 4.0
References:
- Microsoft: Security Considerations for Network Attacks
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
