42 lines
1.6 KiB
Plaintext
42 lines
1.6 KiB
Plaintext
Sping Attack..What you should Know
|
|
File Information was obtained from
|
|
http://www.darkening.com/ssping
|
|
====================================
|
|
|
|
What is it?
|
|
|
|
SSPING/Jolt is a program which effectively will freeze of almost any Windows95 or
|
|
Windows NT connection. It's based on old code which freezes old SysV and Posix
|
|
implementations.
|
|
|
|
It works basically by sending a series of spoofed & fragmented ICMP packets to the
|
|
target, which build up to be a 64k ping, and Windows95/NT then ceases to function
|
|
altogether.
|
|
|
|
Who does it effect?
|
|
|
|
This will affect almost all Windows95, Memphis and WindowsNT boxes which are
|
|
not behind a firewall which blocks ICMP packets. We have heard reports of some
|
|
computers not being effected however. This will also affect old MacOS machines
|
|
too, and it's possible it is also useful against old SysV/POSIX implementations.
|
|
|
|
Anyone who plays Quake or uses IRC has probably encountered an ssping/freeze
|
|
attack before, and is encouraged to patch themselves.
|
|
|
|
Why is this happening?
|
|
|
|
I think the root of the problem is that Microsoft seems to always code via RFC, and
|
|
doesn't write handlers for the "What if someone sends me something invalid"
|
|
possibility. This is not the first time Windows95 or NT has had problems with ICMP,
|
|
and if you would like to read the technical details, as well as look at the source code
|
|
for Jolt, click here.
|
|
|
|
How can I protect myself?
|
|
|
|
We have some patches and information available here. A bugfix has been posted by Microsoft
|
|
for NT4.0 I still haven't seen a Win95 or NT4 Workstation patch yet.
|
|
|
|
Check this site for updates!
|
|
|
|
|