COMMAND

    TCP/IP

SYSTEMS AFFECTED

    Windows 9x

PROBLEM

    Dan Kaminsky found following.  He recently completed a preliminary
    analysis of a  rather bothersome flaw  with the Windows  9x TCP/IP
    stack. Since many, if not most NT network installs are on the same
    subnet  as  95/98  clients,  and  since  this  bug can drastically
    increase network traffic to unusable levels, this info is relevant
    to NT users (abstract follows).

    Microsoft Windows 95  and 98 clients  have the capability  to bind
    multiple TCP/IP stacks to the  same MAC address, simply by  having
    the protocol added  more than once  in the Network  control panel.
    This is  actually quite  useful, except  for the  fact that  these
    stacks can run concurrently on  the same IP, even if  they receive
    their IP through BOOTP/DHCP.   The effect of the  bug is to  cause
    the number of ACKnowledgement packets sent to be equal to that  of
    the number of loaded  and bound TCP/IP stacks,  creating excessive
    and significant network noise and collisions.  At least one  Samba
    2.0.0beta1  server  on  an  affected  subnet  becomes   completely
    inaccessible when one of  these machines is activated.   Redundant
    ACKing can be referred to as TCP Chorusing, due to the minor  time
    delays introduced between multiple copies of identical data.   The
    problem is undetectable using the Ping command built into  Windows
    95 or 98--this  is a significant  bug in and  of itself.   Linux's
    ping is not similarly crippled.  NT was not available for testing.
    The *preliminary* analysis is available at:

        http://doxpara.netpedia.net

    By preliminary, explictly means that  while Dan has done his  best
    to  clear  out  any  errors,  factual  or  typographical, some may
    remain.

SOLUTION

    Nothing yet.