Microsoft KB Archive/273727

= Denial of Service Possible on an IPX/SPX Protocol Using the Name Management Port =

Article ID: 273727

Article Last Modified on 1/29/2007

-

APPLIES TO


 * Microsoft Windows Millennium Edition
 * Microsoft Windows 98 Second Edition
 * Microsoft Windows 98 Standard Edition
 * Microsoft Windows 95
 * Microsoft Windows 95
 * Microsoft Windows 95
 * Microsoft Windows 95

-



This article was previously published under Q273727



SYMPTOMS
Your computer may stop responding (hang) when the following conditions are true:
 * The Microsoft IPX/SPX protocol is installed on your computer.
 * Your computer receives the IPX/SPX NMPI port denial of service.
 * You are connected to a network that routes IPX packets.



CAUSE
This problem can occur if your computer receives a denial of service that targets an IPX NetBIOS name management port. This type of denial of service can generate large amounts of network traffic (a network storm) by using the IPX/SPX protocol.

A portion of the IPX/SPX protocol that listens on the NMPI port 551h replies to any requesting network address. The NMPI listener software does not filter the requesting computer's network address correctly, and may reply to a network broadcast address, which causes other IPX NMPI listener programs to also reply. This can generate a large amount of unnecessary network traffic.



RESOLUTION
A supported fix is now available from Microsoft, but it is only intended to correct the problem that is described in this article. Apply it only to computers that are experiencing this specific problem.

To resolve this problem, contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information about support costs, visit the following Microsoft Web site:

http://support.microsoft.com/default.aspx?scid=fh;EN-US;CNTACTMS

NOTE: In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The usual support costs will apply to additional support questions and issues that do not qualify for the specific update in question.

The English version of this fix should have the following file attributes or later:

Date       Time     Version    Size     File name    Operating system -- 12/08/2000 09:30pm  4.00.958    51,052  Nwlink.vxd   Windows 95 02/01/2001 05:03pm  4.00.956   108,264  Vserver.vxd  Windows 95 12/08/2000 09:36pm  4.00.1117   51,567  Nwlink.vxd   Windows 95 OSR2 01/09/2001 01:40pm  4.00.1114  112,904  Vserver.vxd  Windows 95 OSR2 11/28/2000 08:10pm  4.10.2002   51,546  Nwlink.vxd   Windows 98 01/04/2001 10:30pm  4.10.2002  112,912  Vserver.vxd  Windows 98 11/28/2000 07:38pm  4.10.2226   51,551  Nwlink.vxd   Windows 98 Second Edition 01/04/2001 10:32pm  4.10.2225  112,912  Vserver.vxd  Windows 98 Second Edition 11/28/2000 11:10pm  4.90.3003   51,535  Nwlink.vxd   Windows Me 01/04/2001  10:06pm  4.90.3002  112,896  Vserver.vxd  Windows Me



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.



MORE INFORMATION
Because this problem only affects computers that are on networks that route IPX, most users cannot be subjected to this denial of service.

For additional information about Windows 95 hotfixes, click the article number below to view the article in the Microsoft Knowledge Base:

161020 Implementing Windows 95 Updates

For additional information about Windows 98 and Windows 98 Second Edition hotfixes, click the article number below to view the article in the Microsoft Knowledge Base:

206071 General Information on Windows 98 and SE Hotfixes

For additional information about Windows ME hotfixes, click the article number below to view the article in the Microsoft Knowledge Base:

295413 General Information About Windows Millennium Edition Hotfixes

For additional information, see Security Bulletin MS00-073. To do so, visit the following Microsoft Web site: http://www.microsoft.com/technet/security/bulletin/MS00-073.mspx

Additional query words: NMPI attac DoS

Keywords: kbbug kbfix kbqfe kbnetwork kbhotfixserver KB273727

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.