TCP/IP 'Chorusing' Windows DoS

This script is Copyright (C) 1999-2011 Tenable Network Security, Inc.


Synopsis :

The remote OS may facilitate a denial of service attack.

Description :

Microsoft Windows 95 and 98 clients have the ability
to bind multiple TCP/IP stacks on the same MAC address,
simply by having the protocol added more than once
in the Network Control panel.

The remote host has several TCP/IP stacks with the
same IP bound on the same MAC address. As a result,
it will reply several times to the same packets,
such as by sending multiple ACK to a single SYN,
creating noise on your network. If several hosts
behave the same way, then your network will be
brought down.

Solution :

Remove all the IP stacks except one in the remote
host.

Risk factor :

Medium / CVSS Base Score : 5.7
(CVSS2#AV:A/AC:M/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 5.7
(CVSS2#E:H/RL:U/RC:ND)
Public Exploit Available : true

Family: Denial of Service

Nessus Plugin ID: 10276 ()

Bugtraq ID: 225

CVE ID: CVE-1999-1201