COMMAND

    MS TCP/IP

SYSTEMS AFFECTED

    Win NT

PROBLEM

    The following was found by Kelly E. Gibbs.  The problem is that
    you can inject a packet with an invalid sequence number, an
    invalid Window size announcement (let's say 62K), and with the
    Urgent, FIN, RST, and a few other elements of the packet set just
    right, and guess what happens: the server will cease to accept
    data.  Only the FIN and ACK FIN make it, and only if the next
    packet doesn't contain the right window size.  If the next packet
    contains an invalid window size that is greater than the previous
    one, then you can recreate the problem.

    So, for those with routers who think that closing access to port
    139 makes them safe, think again.  This works very well over port
    80, or any port for that matter.  This was tested on several
    firewalls (without mentioning names), and it worked.  Several
    UNIX firewalls, however, denied that packet, but the NT firewalls
    tested all accepted it.
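
    The kind of header sanity check that lets a filter refuse such a
    packet, as an added example (not part of the original advisory and
    not the code of any firewall tested).  It covers only the TCP flag
    combination named above; the sequence number and window conditions
    need connection state and are left out.  build_header() and its
    values are constructed test input.

```python
import struct

# TCP flag bits (low six bits of header bytes 12-13).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# Flag sets commonly dropped by packet filters as contradictory, plus the
# URG+FIN+RST set the advisory names (assumption: exact bits are not given).
SUSPECT = [(SYN | FIN, "SYN+FIN"), (SYN | RST, "SYN+RST"),
           (FIN | RST, "FIN+RST"), (URG | FIN | RST, "URG+FIN+RST")]


def parse_tcp_header(segment: bytes) -> dict:
    """Decode the fixed 20-byte TCP header; raise ValueError if malformed."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, window, _csum, urg_ptr = struct.unpack(
        "!HHIIHHHH", segment[:20])
    data_offset = (off_flags >> 12) * 4
    if data_offset < 20 or data_offset > len(segment):
        raise ValueError("bad data offset")
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": off_flags & 0x3F, "window": window, "urg_ptr": urg_ptr}


def flag_anomalies(segment: bytes) -> list:
    """Return reasons a filter should drop this segment (empty list = pass)."""
    try:
        flags = parse_tcp_header(segment)["flags"]
    except ValueError as exc:
        return [str(exc)]
    reasons = [name for mask, name in SUSPECT if flags & mask == mask]
    if flags == 0:
        reasons.append("no flags set")
    return reasons


def build_header(flags: int, window: int, dport: int = 80) -> bytes:
    """Constructed test input only: a bare 20-byte header held in memory."""
    return struct.pack("!HHIIHHHH", 40000, dport, 1, 0,
                       (5 << 12) | flags, window, 0, 0)


if __name__ == "__main__":
    samples = [("normal ACK", build_header(ACK, 8192)),
               ("URG+FIN+RST, 62K window", build_header(URG | FIN | RST, 62 * 1024))]
    for label, seg in samples:
        print(label, "->", flag_anomalies(seg) or "pass")
```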

SOLUTION

    One of these days...