Intrusion Prevention

Snork.UDP.DoS

Description

It indicates a Denial-of-Service (DoS) attack known as Snork.
Snork utilizes a specially-crafted TCP packet to slow down or even crash a target system.

Affected Products

Any unprotected Windows 95/NT systems, Macintosh systems, and most Unix systems are vulnerable to the attack.

Impact

Depending on the operating systems, the impact of this attack ranges from slowing down the system to crashing it.

Recommended Actions

Apply the appropriate patches or upgrade to an unaffected software version.
Microsoft has released an advisory and updates to address this and other issues.
Microsoft has released revised fixes to address this and other issues. Microsoft recommends installing the revised fixes even if the previous versions have been installed.
Microsoft Windows Server 2003 Enterprise Edition Itanium 0
Microsoft Security Update for Windows Server 2003 64-bit Edition and Windows XP 64-bit Edition, Version 20
http://www.microsoft.com/downloads/details.aspx?familyid=AC019224-82BE -4263-B977-02D4DC6C9FF6&displaylang=en
Microsoft Windows Server 2003 Standard Edition
Microsoft Security Update for Windows Server 2003 (KB893066)
http://www.microsoft.com/downloads/details.aspx?familyid=F1F9A44F-D4F1 -4EF8-83F7-737DF6CC292E&displaylang=en
Microsoft Windows Server 2003 Datacenter Edition Itanium 0
Microsoft Security Update for Windows Server 2003 64-bit Edition and Windows XP 64-bit Edition, Version 20
http://www.microsoft.com/downloads/details.aspx?familyid=AC019224-82BE -4263-B977-02D4DC6C9FF6&displaylang=en
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Security Update for Windows Server 2003 (KB893066)
http://www.microsoft.com/downloads/details.aspx?familyid=F1F9A44F-D4F1 -4EF8-83F7-737DF6CC292E&displaylang=en
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Security Update for Windows Server 2003 (KB893066)
http://www.microsoft.com/downloads/details.aspx?familyid=F1F9A44F-D4F1 -4EF8-83F7-737DF6CC292E&displaylang=en
Microsoft Windows XP Home SP2
Microsoft Security Update for Windows XP (KB893066)
http://www.microsoft.com/downloads/details.aspx?familyid=81049A86-6F39 -4A27-A643-391262785CF3&displaylang=en
Microsoft Windows Server 2003 Web Edition
Microsoft Security Update for Windows Server 2003 (KB893066)
http://www.microsoft.com/downloads/details.aspx?familyid=F1F9A44F-D4F1 -4EF8-83F7-737DF6CC292E&displaylang=en
Microsoft Windows XP Professional SP2
Microsoft Security Update for Windows XP (KB893066)
http://www.microsoft.com/downloads/details.aspx?familyid=81049A86-6F39 -4A27-A643-391262785CF3&displaylang=en
Microsoft Windows 95
Microsoft Q177539
http://download.microsoft.com/download/win95upg/update4/1/w95/EN-US/vt cpup20.exe
HP HP-UX 10.0 1
HP PHNE_13472
Series 800
ftp://ftp.itrc.hp.com/superseded_patches/hp-ux_patches/s800/10.X/PHNE_ 13472
HP PHNE_13473
ftp://ftp.itrc.hp.com/superseded_patches/hp-ux_patches/s700/10.X/PHNE_ 13473
HP HP-UX 10.0
HP PHNE_13474
Series 800
ftp://ftp.itrc.hp.com/hp-ux_patches/s800/10.X/PHNE_13474
HP PHNE_13475
Series 700
ftp://ftp.itrc.hp.com/hp-ux_patches/s700/10.X/PHNE_13475
HP HP-UX 10.10
HP PHNE_13470
Series 800
ftp://ftp.itrc.hp.com/superseded_patches/hp-ux_patches/s800/10.X/PHNE_ 13470
HP PHNE_13471
Series 700
ftp://ftp.itrc.hp.com/hp-ux_patches/s700/10.X/PHNE_13471
HP HP-UX 10.16
HP PHKL_14242
Series 700
ftp://ftp.itrc.hp.com/hp-ux_patches/s700/10.X/PHKL_14242
HP PHKL_14243
Series 800
ftp://ftp.itrc.hp.com/hp-ux_patches/s800/10.X/PHKL_14243
HP HP-UX 10.20
HP PHNE_13468
ftp://ftp.itrc.hp.com/superseded_patches/hp-ux_patches/s800/10.X/PHNE_ 13468
HP HP-UX (VVOS) 10.24
HP PHNE_13888
ftp://ftp.itrc.hp.com/superseded_patches/hp-ux_patches/s700/10.X/PHNE_ 13888
HP PHNE_13889
Series 800
ftp://ftp.itrc.hp.com/superseded_patches/hp-ux_patches/s800/10.X/PHNE_ 13889
HP HP-UX 10.30
HP PHNE_13671
ftp://ftp.itrc.hp.com/superseded_patches/hp-ux_patches/s700_800/10.X/P HNE_13671
HP HP-UX 11.0
HP PHNE_26771
http://itrc.hp.com
FreeBSD FreeBSD 2.2.5
FreeBSD land-22
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/old/SA-98:01/land-22
Microsoft Windows NT Enterprise Server 4.0 SP3
Microsoft Q165005
ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/hotfi xes-postSP3/teardrop2-fix/tearfixi.exe
Microsoft Windows NT Server 4.0 SP3
Microsoft Q165005
ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/hotfi xes-postSP3/teardrop2-fix/tearfixi.exe
Microsoft Windows NT Terminal Server 4.0 SP3
Microsoft Q165005
ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/hotfi xes-postSP3/teardrop2-fix/tearfixi.exe
Microsoft Windows NT Workstation 4.0 SP3
Microsoft Q165005
ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/hotfi xes-postSP3/teardrop2-fix/tearfixi.exe
SCO Open Server 5.0
SCO sse010
ftp://ftp.sco.COM/SSE/sse010.tar.Z

CVE References

CVE-1999-0969 CVE-1999-0016

Other References

1