On Mon, 4 Feb 2002, advisories wrote:

> I verified this vulnerability in BlackICE Defender 2.9.can as well.
>
> >The current version of BlackICE Defender (2.9.caq and 2.9.cap) running on a
> >Windows 2000 machine can be remotely crashed using a very basic ping flood.

During a product demo around June of 2000 (as best I recall) I was able to crash Black Ice Defender on NT4 with Mixter's "targa3" (and I might have been using some of the other "targa" tools). It may be somewhat hard to reproduce though, since targa3 uses a pseudo-random, contrived packet generator. I believe the machine was also running some kind of analysis tool called "Ice Cap" which they claimed (at the time) would be used to send relevant security-related data back to some kind of central repository.

We also noticed that the machine would start consuming 98%-99% of the CPU shortly before it BSoD'd, but perhaps 100Mb Ethernet and my fast machine could explain the high utilization.

Unfortunately, I don't know the version they were running, and thus I don't know if this problem still exists. However, it seems relevant in light of these recent posts. Also, I think (again reaching from memory) their software works with NDIS, so it might be useful to know what NDIS driver the target boxes were using.

Just a thought.

-- Swift