26th Sep 2002 [SBWID-4841]
COMMAND
ISA server DoS
SYSTEMS AFFECTED
Windows 2000 Server + Service Pack 2
Microsoft ISA Server Enterprise Edition Full + All Fixes
PROBLEM
Tamer Sahin (http://www.tamersahin.net) posted :
A fragmented Udp attack through the microsoft isa server makes the
system hampered by using the cpu at 100%. Meanwhile server uses
processor power too much and therefore packet process ratio decreases.
You may reach the session log through
http://www.tamersahin.net/downloads/isa.txt
opentear.c by RootShell
http://www.tamersahin.net/downloads/opentear.c
SOLUTION
Update
======
Microsoft answers :
ISA can be configured to drop fragmented packets and, if this is done,
it significantly helps protect the system against flooding attacks like
this. However, even so, it's not a cure-all. Even inspecting and dropping
packets takes some finite amount of work, and once again if the
attacker has sufficient bandwidth, he may be able to flood the server.
Again, though, there isn't a flaw in ISA server - - - -- it's strictly
a flooding attack.