Denial of service in Windows 2000

Discussion in 'other security issues & news' started by spy1, Apr 22, 2002.

Thread Status:
Not open for further replies.
  1. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    According to a report by SecurityFocus -at http://online.securityfocus.com/bid/4532
    - a denial of service problem has
    been discovered in Windows 2000.

    Due to this vulnerability, a malicious user could block the system by
    sending malformed data to port 445. This would cause the Lanman service to
    consume high levels of CPU and Kernel memory resources.

    Microsoft also offers information on this problem at
    http://support.microsoft.com/default.aspx?scid=kb;en-us;Q320751, and
    describes two methods(*) for dealing with the problem. The first method
    involves disabling  NetBIOS over TCP/IP, which closes the vulnerable port.
    However, if there are programs being used that require NetBIOS support, you
    can create and configure the MaxWorkItems value in the registry. To do this,
    follow these steps:

    1. Start Registry Editor (Regedt32.exe).

    2. Locate the Parameters value under the following key in the registry:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\

    3. On the Edit menu, click Add Value, type MaxWorkItems.

    4. Click REG_DWORD, and then click OK.

    5. Set the data to the one of the following:
    - 1024 for computers with a large amount of memory (greater than 2 gigabytes
    of memory).
    - 512 for computers with a medium amount of memory (512 megabytes to -2
    gigabytes).
    - 256 for computers with a small amount of memory (less than 512 megabytes).

    6. Quit Registry Editor.

    (*)WARNING: Microsoft warns that using Registry Editor incorrectly can cause
    serious problems that may require that you reinstall your operating system,
    and that problems resulting from the incorrect use of Registry Editor may
    not be able to be resolved.)
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.