From owner-freebsd-security Mon Aug 17 09:38:28 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id JAA25379 for freebsd-security-outgoing; Mon, 17 Aug 1998 09:38:28 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from ifi.uio.no (ifi.uio.no [129.240.64.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id JAA25373 for ; Mon, 17 Aug 1998 09:38:26 -0700 (PDT) (envelope-from dag-erli@ifi.uio.no)
Received: from hrotti.ifi.uio.no (2602@hrotti.ifi.uio.no [129.240.64.15]) by ifi.uio.no (8.8.8/8.8.7/ifi0.2) with ESMTP id SAA12653; Mon, 17 Aug 1998 18:30:59 +0200 (MET DST)
Received: (from dag-erli@localhost) by hrotti.ifi.uio.no ; Mon, 17 Aug 1998 18:30:59 +0200 (MET DST)
Mime-Version: 1.0
To: Brett Glass
Cc: 026809r@dragon.acadiau.ca (Michael Richards), security@FreeBSD.ORG
Subject: Re: Why don't winblows program have buffer overruns?
References: <199808170244.UAA18362@lariat.lariat.org>
Organization: University of Oslo, Department of Informatics
X-url: http://www.stud.ifi.uio.no/~dag-erli/
X-other-addresses: 'finger dag-erli@ifi.uio.no' for a list
X-disclaimer-1: The views expressed in this article are mine alone, and do
X-disclaimer-2: not necessarily coincide with those of any organisation or
X-disclaimer-3: company with which I am or have been affiliated.
X-Stop-Spam: http://www.cauce.org/
From: dag-erli@ifi.uio.no (Dag-Erling Coidan Smørgrav)
Date: 17 Aug 1998 18:30:58 +0200
In-Reply-To: Brett Glass's message of "Sun, 16 Aug 1998 20:36:30 -0600"
Message-ID:
Lines: 14
X-Mailer: Gnus v5.5/Emacs 19.34
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by hub.freebsd.org id JAA25375
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Brett Glass writes:
> You can still confuse them and possibly crash
> them via things like Winnuke (a program which exploits a flaw in Windows'
> built-in NetBIOS over TCP/IP implementation).

This is getting off-topic, but the bug is in the TCP/IP stack, not the
NetBIOS code. The only reason WinNuke uses port 139 (the netbios-ssn
port) is that you're pretty sure there'll be someone listening there.
I've seen WinNuke scripts modified to use port 80 to attack
Windows-based Web servers through firewalls that blocked NetBIOS traffic.

DES
--
Dag-Erling Smørgrav - dag-erli@ifi.uio.no

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message