The UPnP DoS code does what it is supposed to do, but that doesn't seem to bother Windows XP: the CPU utilization reaches 80% at the very maximum and returns to a stable state as soon as the attack stops. The same level of CPU utilization is reached with other kinds of attacks, like fragmented UDP packets or other services flooding for example. Extra data: - Server: Windows XP Pro US - Client: Linux RH 7.1 - Network: 10 Mb LAN Maybe Windows ME leads to other results. ___________________________________________ Patrick Chambet - MCP IT Security Consulting EdelWeb - ON-X Consulting Group http://www.edelweb.fr - http://www.on-x.com > We develop a code baseline to test the UPNP DOS. The dos consists in > sending a udp packet to port 1900 with a NOTIFY request. This request > has a URL that XP uses to open a tcp connection. The XP does not > sanitize this request so whatever URL and port could be specified. Once > the tcp connection is opened, a chargen code fills the XP memory and the > machine gets into an unstable state with a 100% of cpu utilization. > Gabriel Maggiotti, Fernando Oubiņa > > <<chargen.c>> <<upnp_udp.c>>
