<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta name=Title content=""><meta name=Keywords content=""><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:Calibri;
color:windowtext;}
span.msoIns
{mso-style-type:export-only;
mso-style-name:"";
text-decoration:underline;
color:teal;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style></head><body bgcolor=white lang=EN-US link="#0563C1" vlink="#954F72"><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:Calibri'>Sorry to see that things haven’t changed. <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:Calibri'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:Calibri'>While it’s certainly not as sexy as RCE, it’s damaging, can lead to data loss, and as you point out, an enterprise wide outage.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:Calibri'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:Calibri'>Found the first one of these in NT in 1998 while reversing Microsoft’s DCE-RPC implementation which at the time was not yet documented: <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:Calibri'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:Calibri'><a href="http://insecure.org/sploits/NT.smb.login.DOS.html">http://insecure.org/sploits/NT.smb.login.DOS.html</a><o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:Calibri'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:Calibri'>Oliver<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:Calibri'><o:p> </o:p></span></p><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:11.0pt;font-family:Calibri;color:black'>From: </span></b><span style='font-size:11.0pt;font-family:Calibri;color:black'>Dailydave <dailydave-bounces@lists.immunityinc.com> on behalf of Dave Aitel <dave.aitel@gmail.com><br><b>Date: </b>Tuesday, August 8, 2017 at 11:27 AM<br><b>To: </b>"dailydave@lists.immunityinc.com" <dailydave@lists.immunityinc.com><br><b>Subject: </b>[Dailydave] SMBLoris<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:Calibri'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:Calibri'>So I know it's Microsoft Tuesday, but we've been working on that SMBLoris bug a bit more for release to customers as well, and as part of that, we're spending a lot of time thinking about it, as deceptively simple as it is.<o:p></o:p></span></p><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:Calibri'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:Calibri'>The thing I'm wondering is why people outside of FinancialSec think DoS is almost a non-issue. Most companies have only a few domain controllers, and when those go down, the company goes down. And they have to be reachable on these exact ports, from anywhere in the company, essentially. <o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:Calibri'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:Calibri'>It seems like this is one of those things that got a tiny splash of attention, but could be worth more. :)<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:Calibri'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:Calibri'>-dave<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:Calibri'> <o:p></o:p></span></p></div></div><p class=MsoNormal><span style='font-size:11.0pt;font-family:Calibri'>_______________________________________________ Dailydave mailing list Dailydave@lists.immunityinc.com https://lists.immunityinc.com/mailman/listinfo/dailydave <o:p></o:p></span></p></div></body></html>