COMMAND

    tcp/ip

SYSTEMS AFFECTED

    Win NT

PROBLEM

    A malicious  attack may  be mounted  against Windows  NT computers
    with the Simple TCP/IP Services installed. The attack consists  of
    a flood  of UDP  datagrams sent  to the  subnet broadcast  address
    with  the  destination  port  set  to  19  and a spoofed source IP
    address.  The Windows NT computers running Simple TCP/IP  services
    respond to each broadcast, creating a flood of UDP datagrams.

    Interesting  enough,  on  22nd  August  2000  Ruru  Hesse informed
    Security Bugware that this bug exists in the win2k german and even
    with the service pack 1!

SOLUTION

    The fix, and the full KB article can be found at;

        ftp://ftp.microsoft.com

    following path

        /bussys/winnt/winnt-public/fixes/usa/nt40/hotfixes-postSP3/simptcp-fix

    FYI, the  simptcp-fix hot  fix, originally  designed to  handle an
    issue  with  chargen,  has   been  updated  recently   (11/01/97).
    The  Q  article  for  the  hot  fix  has not been updated, and the
    updated README gives  no indications at  to why it  was updated. A
    source  at  Microsoft  suggests  there  were some conditions under
    which the original  problem could still  occur after the  original
    hot fix, these have now been fixed. simptcp-fix includes the fixes
    supplied by icmp-fix.

    No status regarding Win2000.