Check or Attack Name: Snork DoS

A vulnerability has been identified in Windows NT 4.0 up to SP4 that allows a remote attacker with minimal resources to cause the system to consume all available processor and network bandwidth resources for an indefinite length of time. The attack induces a storm of packets much like the smurf and fraggle attacks and has been referred to as the snork attack.

This problem was fixed in Windows NT 4.0 Service Pack 4 (SP4), which also included fixes for several other security problems. Users who do not wish to install SP4 should obtain and apply the Snk-fix post-SP3 hotfix.

Microsoft Security Bulletin MS98-014, Update available for RPC Spoofing Denial of Service on Windows NT, http://www.microsoft.com/security/bulletins/ms98-014.asp

ISS Security Advisory #9, Snork Denial of Service Attack Against Windows NT RPC Service, http://xforce.iss.net/alerts/advise9.php3

Microsoft Knowledge Base Article Q193233, Rpcss.exe Consumes 100% CPU Due to RPC Spoofing Attack, http://support.microsoft.com/support/kb/articles/q193/2/33.asp