3. How did it come about?
● Create a Hackathon in Santa Rita do Sapucaí/MG
● 1st Hackathon: 07/03/2004
● TCP packet analysis using OpenBSD, FreeBSD and
Windows XP, while attempting to terminate a
Telnet connection
4. A brief explanation of the flaw
What did we discover?
● An abnormal condition in the TCP/IP stack
● A state the stack implementation did not anticipate
Why is this a problem?
● Increased CPU consumption
● Drop in network performance
Who is vulnerable?
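One way a defender can look for the two symptoms named on this slide in captured traffic, as an added example that is not part of the original deck: a small flow tracker that flags connections which keep exchanging segments after both sides have sent FIN (the state the stack did not anticipate) and connections dominated by rapid, payload-free ACKs (the CPU and network-load symptom). The log format, the addresses, the thresholds and the helper names are all constructed assumptions, not the authors' tooling.

```python
"""Flag TCP flows that keep talking after both FINs, or that are
dominated by fast empty ACKs.

Added example for this deck; not code from the authors.  The input is
a constructed, simplified tcpdump-style summary, one segment per line:
  <timestamp> <src>><dst> <flags> seq=<n> ack=<n> len=<payload bytes>
Flags use tcpdump letters: S, F, R, P, and "." for a pure ACK.
"""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class Flow:
    fins_seen: set = field(default_factory=set)  # endpoints that sent FIN
    total: int = 0
    empty_acks: int = 0       # pure ACK segments carrying no payload
    after_close: int = 0      # segments seen after both sides sent FIN
    first_ts: float = 0.0
    last_ts: float = 0.0


def _ack_storm(first_ts, n, a, b, step=0.005):
    """Constructed sample data: n empty ACKs bouncing between a and b."""
    return "\n".join(
        f"{first_ts + i * step:.3f} {(a, b)[i % 2]}>{(b, a)[i % 2]} . seq=1 ack=1 len=0"
        for i in range(n)
    )


SAMPLE_LOG = "\n".join([
    # Flow A (constructed): a Telnet session that closes cleanly.
    "0.000 10.0.0.5:4123>10.0.0.9:23 S seq=100 ack=0 len=0",
    "0.001 10.0.0.9:23>10.0.0.5:4123 SA seq=500 ack=101 len=0",
    "0.002 10.0.0.5:4123>10.0.0.9:23 . seq=101 ack=501 len=0",
    "0.100 10.0.0.5:4123>10.0.0.9:23 P seq=101 ack=501 len=5",
    "0.101 10.0.0.9:23>10.0.0.5:4123 . seq=501 ack=106 len=0",
    "0.200 10.0.0.5:4123>10.0.0.9:23 F seq=106 ack=501 len=0",
    "0.201 10.0.0.9:23>10.0.0.5:4123 FA seq=501 ack=107 len=0",
    "0.202 10.0.0.5:4123>10.0.0.9:23 . seq=107 ack=502 len=0",
    # Flow B (constructed): both FINs are exchanged, yet the peers never
    # settle and keep acknowledging each other at a high rate.
    "1.000 10.0.0.7:4500>10.0.0.9:23 S seq=300 ack=0 len=0",
    "1.001 10.0.0.9:23>10.0.0.7:4500 SA seq=900 ack=301 len=0",
    "1.002 10.0.0.7:4500>10.0.0.9:23 . seq=301 ack=901 len=0",
    "1.100 10.0.0.7:4500>10.0.0.9:23 F seq=301 ack=901 len=0",
    "1.101 10.0.0.9:23>10.0.0.7:4500 FA seq=901 ack=302 len=0",
    _ack_storm(1.102, 20, "10.0.0.7:4500", "10.0.0.9:23"),
])


def parse_line(line):
    """Return (timestamp, src, dst, flags, payload_len) for one summary line."""
    ts, pair, flags, _seq, _ack, length = line.split()
    src, dst = pair.split(">")
    return float(ts), src, dst, flags, int(length.split("=")[1])


def flow_key(src, dst):
    """Direction-independent key so both halves of a connection share a Flow."""
    return tuple(sorted((src, dst)))


def analyze(log, max_after_close=1, max_empty_ack_rate=50.0, min_empty_acks=10):
    """Return {flow_key: [reasons]} for flows showing either symptom.

    Thresholds are assumed defaults: after both FINs only one more
    segment (the final ACK) is expected; more than max_empty_ack_rate
    empty ACKs per second, once at least min_empty_acks were seen,
    counts as a storm.
    """
    flows = defaultdict(Flow)
    for line in log.strip().splitlines():
        ts, src, dst, flags, length = parse_line(line)
        f = flows[flow_key(src, dst)]
        if f.total == 0:
            f.first_ts = ts
        f.last_ts = ts
        f.total += 1
        if len(f.fins_seen) == 2:       # connection should already be closing
            f.after_close += 1
        if "F" in flags:
            f.fins_seen.add(src)
        if flags == "." and length == 0:
            f.empty_acks += 1
    findings = {}
    for key, f in flows.items():
        reasons = []
        if f.after_close > max_after_close:
            reasons.append("traffic_after_close")
        duration = max(f.last_ts - f.first_ts, 1e-3)
        if f.empty_acks >= min_empty_acks and f.empty_acks / duration > max_empty_ack_rate:
            reasons.append("empty_ack_storm")
        if reasons:
            findings[key] = reasons
    return findings


if __name__ == "__main__":
    for key, reasons in analyze(SAMPLE_LOG).items():
        print(f"{key[0]} <-> {key[1]}: {', '.join(reasons)}")
```

On the constructed sample, flow A is silent and flow B is reported for both reasons. The two checks are deliberately independent: a stack stuck in an unexpected state may show only the first, while the load symptom on a busy host shows up as the second, and either one is worth a closer look at the capture.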
5. Affected Systems
Microsoft Windows XP Professional SP2
Microsoft Windows XP Professional SP1
Microsoft Windows XP Professional
Microsoft Windows XP Home SP2
Microsoft Windows XP Home SP1
Microsoft Windows XP Home
Microsoft Windows Server 2003 Web Edition SP1
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2003 Standard x64 Edition
Microsoft Windows Server 2003 Standard Edition SP1
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Enterprise x64 Edition
Microsoft Windows Server 2003 Enterprise Edition 64-bit SP1
Microsoft Windows Server 2003 Enterprise Edition 64-bit
Microsoft Windows Server 2003 Enterprise Edition SP1
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Datacenter Edition 64-bit SP1
Microsoft Windows Server 2003 Datacenter Edition 64-bit
Microsoft Windows Server 2003 Datacenter Edition SP1
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows NT Server 4.0 SP6a
Microsoft Windows NT Server 4.0 SP6
Microsoft Windows NT Server 4.0 SP5
Microsoft Windows NT Server 4.0 SP4
Microsoft Windows NT Server 4.0 SP3
Microsoft Windows NT Server 4.0 SP2
Microsoft Windows NT Server 4.0 SP1
Microsoft Windows NT Server 4.0
Microsoft Windows NT Enterprise Server 4.0 SP6a
Microsoft Windows NT Enterprise Server 4.0 SP6
Microsoft Windows NT Enterprise Server 4.0 SP5
Microsoft Windows NT Enterprise Server 4.0 SP4
Microsoft Windows NT Enterprise Server 4.0 SP3
Microsoft Windows NT Enterprise Server 4.0 SP2
Microsoft Windows NT Enterprise Server 4.0 SP1
Microsoft Windows NT Enterprise Server 4.0
Microsoft Windows 98SE
Microsoft Windows 2000 Server SP4
Microsoft Windows 2000 Server SP3
Microsoft Windows 2000 Server SP2
Microsoft Windows 2000 Server SP1
Microsoft Windows 2000 Server
+ Avaya DefinityOne Media Servers
+ Avaya IP600 Media Servers
+ Avaya S3400 Message Application Server
+ Avaya S8100 Media Servers
Microsoft Windows 2000 Professional SP4
Microsoft Windows 2000 Professional SP3
Microsoft Windows 2000 Professional SP2
Microsoft Windows 2000 Professional SP1
Microsoft Windows 2000 Professional
Microsoft Windows NT Workstation 4.0 SP6a
Microsoft Windows NT Workstation 4.0 SP6
Microsoft Windows NT Workstation 4.0 SP5
Microsoft Windows NT Workstation 4.0 SP4
Microsoft Windows NT Workstation 4.0 SP3
Microsoft Windows NT Workstation 4.0 SP2
Microsoft Windows NT Workstation 4.0 SP1
Microsoft Windows NT Workstation 4.0
6. Affected Systems (continued)
Microsoft Windows NT Terminal Server 4.0 SP6a
Microsoft Windows NT Terminal Server 4.0 SP6
Microsoft Windows NT Terminal Server 4.0 SP5
Microsoft Windows NT Terminal Server 4.0 SP4
Microsoft Windows NT Terminal Server 4.0 SP3
Microsoft Windows NT Terminal Server 4.0 SP2
Microsoft Windows NT Terminal Server 4.0 SP1
Microsoft Windows NT Terminal Server 4.0
Microsoft Windows 2000 Datacenter Server SP4
Microsoft Windows 2000 Datacenter Server SP3
Microsoft Windows 2000 Datacenter Server SP2
Microsoft Windows 2000 Datacenter Server SP1
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Advanced Server SP4
Microsoft Windows 2000 Advanced Server SP3
Microsoft Windows 2000 Advanced Server SP2
Microsoft Windows 2000 Advanced Server SP1
Microsoft Windows 2000 Advanced Server
Linux kernel 2.6.11.6
Linux kernel 2.6.11.5
Linux kernel 2.6.11-rc4
Linux kernel 2.6.11-rc3
Linux kernel 2.6.11-rc2
Linux kernel 2.6.11
Linux kernel 2.6.10 rc2
Linux kernel 2.6.10
+ RedHat Fedora Core2
+ RedHat Fedora Core3
+ Ubuntu Ubuntu Linux 5.04 amd64
+ Ubuntu Ubuntu Linux 5.04 i386
+ Ubuntu Ubuntu Linux 5.04 powerpc
Linux kernel 2.6.9
Linux kernel 2.6.8 rc3
Linux kernel 2.6.8 rc2
Linux kernel 2.6.8 rc1
+ Ubuntu Ubuntu Linux 4.1 ia32
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ppc
Linux kernel 2.6.8
Linux kernel 2.6.7 rc1
Linux kernel 2.6.7
Linux kernel 2.6.6 rc1
Linux kernel 2.6.6
Linux kernel 2.6.5
Linux kernel 2.6.4
Linux kernel 2.6.3
Linux kernel 2.6.2
Linux kernel 2.6.1-rc2
Linux kernel 2.6.1-rc1
Linux kernel 2.6.1
Linux kernel 2.6.10
Linux kernel 2.6-test9-CVS
Linux kernel 2.6-test9
Linux kernel 2.6-test8
Linux kernel 2.6-test7
Linux kernel 2.6-test6
Linux kernel 2.6-test5
Linux kernel 2.6-test4
Linux kernel 2.6-test3
Linux kernel 2.6-test2
Linux kernel 2.6-test11
Linux kernel 2.6-test10
Linux kernel 2.6-test1
Linux kernel 2.6
Linux kernel 2.4.30 rc3
Linux kernel 2.4.30 rc2
Linux kernel 2.4.30
Linux kernel 2.4.29-rc2
Linux kernel 2.4.29-rc1
Linux kernel 2.4.29
Linux kernel 2.4.28
Linux kernel 2.4.27-pre5
Linux kernel 2.4.27-pre4
Linux kernel 2.4.27-pre3
Linux kernel 2.4.27-pre2
Linux kernel 2.4.27-pre1
Linux kernel 2.4.27
Linux kernel 2.4.26
Linux kernel 2.4.25
Linux kernel 2.4.24-ow1
Linux kernel 2.4.24
Linux kernel 2.4.23-pre9
Linux kernel 2.4.23-ow2
Linux kernel 2.4.23
Linux kernel 2.4.22
+ Devil-Linux Devil-Linux 1.0.4
+ Devil-Linux Devil-Linux 1.0.5
+ MandrakeSoft Linux Mandrake 9.2
+ MandrakeSoft Linux Mandrake 9.2 amd64
+ RedHat Fedora Core1
+ Slackware Linux 9.1
7. Affected Systems (continued)
Linux kernel 2.4.21 pre7
Linux kernel 2.4.21 pre4
+ MandrakeSoft Linux Mandrake 9.1
+ MandrakeSoft Linux Mandrake 9.1 ppc
Linux kernel 2.4.21 pre1
Linux kernel 2.4.21
+ Conectiva Linux 9.0
+ MandrakeSoft Linux Mandrake 9.1
+ MandrakeSoft Linux Mandrake 9.1 ppc
+ RedHat Desktop 3.0
+ RedHat Enterprise Linux AS 3
+ RedHat Enterprise Linux ES 3
+ RedHat Enterprise Linux WS 3
+ S.u.S.E. Linux Enterprise Server 8
+ S.u.S.E. Linux Personal 9.0
+ S.u.S.E. Linux Personal 9.0 x86_64
Linux kernel 2.4.20
+ CRUX CRUX Linux 1.0
+ Gentoo Linux 1.2
+ Gentoo Linux 1.4
+ RedHat Linux 9.0 i386
+ Slackware Linux 9.0
+ WOLK WOLK 4.4s
Linux kernel 2.4.19-pre6
Linux kernel 2.4.19-pre5
Linux kernel 2.4.19-pre4
Linux kernel 2.4.19-pre3
Linux kernel 2.4.19-pre2
Linux kernel 2.4.19-pre1
Linux kernel 2.4.19
Linux kernel 2.4.18 pre-8
Linux kernel 2.4.18 pre-7
Linux kernel 2.4.18 pre-6
Linux kernel 2.4.18 pre-5
Linux kernel 2.4.18 pre-4
Linux kernel 2.4.18 pre-3
Linux kernel 2.4.18 pre-2
Linux kernel 2.4.18 pre-1
Linux kernel 2.4.18 x86
Linux kernel 2.4.18
Linux kernel 2.4.17
Linux kernel 2.4.16
Linux kernel 2.4.15
Linux kernel 2.4.14
Linux kernel 2.4.13
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Workstation 3.1.1
Linux kernel 2.4.12
+ Conectiva Linux 7.0
Linux kernel 2.4.11
Linux kernel 2.4.10
Linux kernel 2.4.9
Linux kernel 2.4.8
Linux kernel 2.4.7
+ RedHat Linux 7.2
+ S.u.S.E. Linux 7.1
+ S.u.S.E. Linux 7.2
Linux kernel 2.4.6
Linux kernel 2.4.5
+ Slackware Linux 8.0
Linux kernel 2.4.4
Linux kernel 2.4.3
Linux kernel 2.4.2
Linux kernel 2.4.1
Linux kernel 2.4.0-test9
Linux kernel 2.4.0-test8
Linux kernel 2.4.0-test7
Linux kernel 2.4.0-test6
Linux kernel 2.4.0-test5
Linux kernel 2.4.0-test4
Linux kernel 2.4.0-test3
Linux kernel 2.4.0-test2
Linux kernel 2.4.0-test12
Linux kernel 2.4.0-test11
Linux kernel 2.4.0-test10
Linux kernel 2.4.0-test1
Linux kernel 2.4
Reference: www.securityfocus.com/bid/13215
8. Unaffected Systems
OpenBSD
The only operating system tested that is not affected so far
9. Latest Findings
● Mac OS X Tiger
● NetBSD 2.0
● FreeBSD 6.0 Beta
● Linux 2.6.13RC3
Discovered during What the Hack!
32. Microsoft
“... At this point, we have completed our initial investigation
of this issue and have determined that the most appropriate ship
vehicle to fix this issue is a Service Pack for the affected supported
platforms. This decision was arrived at after weighing the
seriousness of the vulnerability as well as the likelihood of
exploitability. ...”
33. References
TCP/IP Illustrated – W. Richard Stevens
[Advisory] http://www.securityfocus.com/bid/13215
[Exploit] http://www.securityfocus.com/data/vulnerabilities/exploits/storm.c
[What the Hack] http://wiki.whatthehack.org/index.php?title=Undead_Attack
34. Security is a process,
not a product
Bruce Schneier
Creator of Blowfish
35. E-mails
Diego Protta Casati
diego-casati@inatel.br
Leandro Spínola Rodrigues
leandro-rodrigues@inatel.br