26th Sep 2002 [SBWID-5281]
	LanMan DoS on port 445
	 Windows 2000 Server (SP0, SP1, SP2)
	 Windows 2000 Advanced Server (SP0, SP1, SP2)
	 Windows 2000 Professional (SP0, SP1, SP2)
	In Peter Gründl [[email protected]] advisory [BUG-ID: 2002011] :
	Sending malformed packets to the microsoft-ds port (TCP 445) can  result
	in  kernel  ressources  being  allocated  by  the  LANMAN  service.  The
	consequences of such an attack could vary from  the  Windows  2000  host
	completely ignoring the attack to a blue screen.
	An attack could be something as simple as sending  a  continuous  stream
	of 10k null chars to TCP port 445.
	The most  common  symptoms  would  be  that  the  LANMAN  service  would
	allocate a  lot  of  kernel  memory,  until  a  point,  where  very  few
	applications would be able to run. The routine that draws windows  would
	commence to  draw  incomplete  windows,  the  warning  "beep"  would  be
	replaced by an error stating that the sound driver could not be  loaded.
	Internet Information Server would no longer  be  able  to  service  .asp
	pages, attempts to reboot the server (as administrator) would result  in
	the error "You do not have  permissions  to  shutdown  or  restart  this
	computer.", aso.
	It would frequently be possible to cause the system service to  enter  a
	state where it constantly used 100% CPU usage. A PC  was  left  in  this
	state over the weekend, to see if it would recover on it's own.  It  did
	not recover.