DoS (Info and Protection)

Poll: What do you use and how? (Voters: 9)

  • Windows at home - Linux at work: 0 (0%)
  • Linux at home - Windows at work: 6 (66.67%)
  • Windows at home - Windows at work: 2 (22.22%)
  • Linux at home - Linux at work: 1 (11.11%)

Thread: DoS (Info and Protection)

  1. #1
    Senior Member
    Join Date
    Jan 2002
    Posts
    657

    DoS (Info and Protection)

    Nuke Information

    SMB
    Aliases/variants: Server Message Block (SMB) logon attack
    Affects: Windows NT4
    Symptoms: System hang or restart.

    bonk
    Aliases/variants: boink, newtear, teardrop2
    Affects: Windows 95 / NT4
    Symptoms: Blue screen freeze and crash. If you have been patched since 12/97 against the other nukes below and as of 1/8/98 suddenly started to get the blue screen, you're probably being "bonked".

    land
    Affects: Windows 95 / NT / 3.11, many others
    Symptoms: Freeze and crash. You're probably being "landed" if you were nuke-safe until mid-November or if you're already patched against the other nukes.

    teardrop
    Aliases/variants: tear, TCP/IP fragment bug, overlapfrag bug
    Affects: Windows 3.1/95/NT, Linux (before 2.0.32 and 2.1.63)
    Symptoms: Immediate crash or reboot. If you know you're safe against "winnuke" and "ssping" below and you still crash, you are probably suffering from either "land" or "teardrop". If you just get disconnected it's probably "click".

    click
    Aliases/variants: [the original] nuke, ICMP nuke, ICMP_REDIRECT or ICMP_DEST_UNREACH spoof, WinNewk/WinNewk-X
    Affects: All IRC users unless protected by firewall or other filter.
    Symptoms: You are disconnected from the IRC server but otherwise your connection to your ISP is fine. Your computer does not crash. Others will usually see you quit with the message "Connection reset by peer" although other networking related error messages are also possible.

    ssping
    Aliases/variants: jolt, sPING, ICMP bug, IceNewk, "Ping of Death".
    Affects: Windows 95 / NT, and many others!
    Symptoms: Computer locks up, usually requiring a reboot (reset switch such as ctrl+alt+del doesn't work). After restart, computer runs as usual.

    WinNuke
    Aliases/variants: Windows OOB bug.
    Affects: Windows 95 / 3.11 / NT
    Symptoms: "Blue Screen" (virtual device driver) error. Computer usually recovers, but Internet connection doesn't, requiring reboot (usual shutdown procedure should work). May also cause computer to lock up.

    ICMP flood
    Aliases/variants: ping flood, ICMP_ECHO flood
    Affects: all modem connections
    Symptoms: Modem lights go berserk indicating overflow of information, Internet applications get very slow, after 15-60 secs you get disconnected (from your server or even your provider). Everything is fine after reconnect (unless you get flooded again), no crash or reboot.

    smurf
    Affects: whole provider or IRC server
    Symptoms: Imagine ICMP flooding for an entire provider or server. Everybody connected gets bogged down and kicked off, attack can last for hours or days.

    ATH0
    Aliases/variants: +++ ATH0
    Affects: many types of modems
    Symptoms: Modem gets disconnected.




    Patches

    Patches for Microsoft Windows 95
    (These are the patches for OOBNuke, Winnuke, Jolt, SSPING, IceNuke and TearDrop)

    Use the following steps to upgrade to Winsock 2.2 and patch the Internet bugs in Windows 95. Be sure to perform these steps in the order in which they appear.

    1. Install the MS DUN 1.2 Upgrade (MSDUN12.EXE ftp://ftp.kappa.ro/pub/Windows/95-98...es/msdun12.exe ) and reboot.
    2. Install the Winsock 2.2 Upgrade (WS2SETUP.EXE ftp://ftp.kappa.ro/pub/Windows/95-98...s/ws2setup.exe ) and reboot.
    3. Install the Winsock 2.2 Patch (VIPUP20.EXE ftp://ftp.kappa.ro/pub/Windows/95-98...es/vipup20.exe ) and reboot.
    4. Install the Land patch (VTCPUP20.EXE ftp://ftp.kappa.ro/pub/Windows/95-98...s/vtcpup20.exe ) and reboot.
    5. Rename VNBT.386 to VNBT.BAK or use the VNBT.386 Fix (VNBT.EXE ftp://ftp.kappa.ro/pub/Windows/95-98...tches/vnbt.exe ) and reboot.

    Patches for Microsoft Windows NT

    1. Install Service Pack 3 (NT4SP3_I.EXE ftp://ftp.microsoft.com/bussys/winnt...40/ussp3/i386/ )
    2. Install the Bonk, Boink and Teardrop2 patch TEARFIXI.ZIP (ftp://ftp.kappa.ro/pub/Windows/NT-4.0/TEARFIXI.zip). This patch supersedes the ICMP-fix, OOB-fix, Simptcp-fix and Land hotfixes.

    ATH0 Exploit


    Modems known to be affected:
    Logicode 28.8
    Supra 33.6 (internal)
    Diamond Supra v.90
    Diamond SupraExpress 56k
    Noblelink 56k Plug and Play
    Zoom Internal 56kflex/v.90 (model 2812?)
    A/Open(acer) 56k
    (Many more here, but only these have been tested)


    Solution 1
    The fix is for Windows 9x, but I'm sure it is easy enough to figure out how to fix this problem on other operating systems just by looking at the fix itself.
    Run regedit and look for the following key:

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Class\Modem\0000

    Create a string value in that key called UserInit and give it a value of s2=255 (if your modem is still vulnerable, try using a value of s2=127).
    Now reboot the computer and your modem will be patched.


    Solution 2
    Add "ATS2=255" in your modem init string.


    Then again u can always run a trusted firewall (which I think is a must!)



    Tiny Personal Firewall 2.0.15 - Tiny Personal Firewall (TPF) is a powerful and free utility designed to protect home cable and DSL connections. TPF provides multi-layer security protection in controlling which applications are allowed to transmit and receive data, MD5 Signature Support to ensure that Trojan horse applications cannot communicate, stateful filtering based on SRC/DST IP address, port and application to determine if incoming packets were requested, remote access to logs and statistics, and intrusion detection. This build corrects TDI errors.
    http://download.cnet.com/downloads/0...05-110-6313778

    Sygate Personal Firewall 4.2 Build 872 - Sygate Personal Firewall is a bi-directional intrusion-defense system for your personal computer. It ensures that your computer is protected from hackers and other intruders while preventing unauthorized programs on your computer from accessing the network. Sygate Personal Firewall makes machines invisible to the outside world. It works on computers connected to a private network or the Internet. This program assures that your business, personal, financial, and other data is safe and secure.
    http://download.cnet.com/downloads/0...05-110-8593035

    NetWatcher 2000 - This utility runs in the background while you are connected to the Internet, monitoring queries for information. If it detects one, it alerts you and gives you the option of immediately closing the connection. The program also logs the intruder's IP address, port number, and host, letting you report the intruder to their Internet service provider.
    http://www.pcworld.com/downloads/fil...leidx,1,00.asp

    ConSeal PC Firewall - This personal firewall lets you create rule sets that dictate what data can access your PC. It protects you from Internet threats, as well as from applications on your network. The firewall lives beneath your operating system, and any offending packet or data is automatically dismissed. You can define what type of data you want to avoid, or you can put the firewall in learning mode, which will create a rule set based on your actions. If an unknown packet tries to access your PC, the program lets you know and waits for your permission. The program also includes a Whois link for retrieving remote-host information.
    http://www.pcworld.com/downloads/fil...leidx,1,00.asp



    These are just some protection ideas against simple DoS, but even the most simple things can be very good.
    I suggest that if u run a Windows box u fix the sploits I've listed above, and also install a trustworthy firewall.

    Then again there's the dreaded DDoS, which no real cure can be downloaded to protect u from. My best advice against DDoS is don't let urself be a target of it, by not going to any form of cheat program without using some sort of proxy or redirect!

    Most of the info I found here was found by using www.google.com and multiple webpages, way too many to list, and it's all just random data I thought u'd like to hear if u wonder about DoS.

    -NetSyn
    [shadow]i have a herd of 1337 sheep[/shadow]
    Worth should be judged on quality... Not appearance... Anyone can sell you **** inside a pretty box.. The only real gift then is the box..
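Added example, not part of NetSyn's post: a header-level classifier that flags the packet traits behind four of the nukes listed above (land, WinNuke, the teardrop/bonk fragment family, and ssping / "Ping of Death"). The traits it keys on are the commonly documented behaviour of those attacks rather than anything stated in the post, and `Pkt`, `classify` and `SAMPLE` are hypothetical names with constructed data.

```python
from collections import defaultdict, namedtuple

# Header-level view of one IPv4 packet or fragment (constructed record, not a capture format).
# frag_off and data_len are in bytes; flags is a string of TCP flag letters ("S", "A", "U", ...).
Pkt = namedtuple("Pkt", "src dst proto ip_id frag_off data_len more_frags sport dport flags")

MAX_IP_PAYLOAD = 65535 - 20  # largest legal datagram minus a minimal 20-byte IP header

def classify(packets):
    """Return {label: set of claimed source addresses} for header anomalies in packets."""
    hits = defaultdict(set)
    frags = defaultdict(list)
    for p in packets:
        if p.proto == "tcp":
            # land: SYN whose source address and port equal the destination's
            if "S" in p.flags and p.src == p.dst and p.sport == p.dport:
                hits["land"].add(p.src)
            # WinNuke: urgent (out-of-band) data sent to NetBIOS session port 139
            if "U" in p.flags and p.dport == 139:
                hits["winnuke"].add(p.src)
        if p.frag_off or p.more_frags:
            frags[(p.src, p.dst, p.proto, p.ip_id)].append(p)
    for (src, _dst, _proto, _ip_id), parts in frags.items():
        end = 0
        for f in sorted(parts, key=lambda f: f.frag_off):
            if f.frag_off < end:  # fragment starts inside data already covered
                hits["overlapping-fragments"].add(src)
            end = max(end, f.frag_off + f.data_len)
        if end > MAX_IP_PAYLOAD:  # datagram would reassemble past 65535 bytes
            hits["oversized-datagram"].add(src)
    return dict(hits)

# Constructed sample traffic using documentation address ranges.
SAMPLE = [
    Pkt("192.0.2.10", "192.0.2.10", "tcp", 1, 0, 0, False, 139, 139, "S"),
    Pkt("198.51.100.7", "192.0.2.10", "tcp", 2, 0, 1, False, 1025, 139, "PAU"),
    Pkt("198.51.100.8", "192.0.2.10", "udp", 3, 0, 64, True, 0, 0, ""),
    Pkt("198.51.100.8", "192.0.2.10", "udp", 3, 32, 16, False, 0, 0, ""),
    Pkt("198.51.100.9", "192.0.2.10", "icmp", 4, 65528, 100, False, 0, 0, ""),
    Pkt("203.0.113.5", "192.0.2.10", "udp", 5, 0, 1480, True, 0, 0, ""),    # normal fragmentation
    Pkt("203.0.113.5", "192.0.2.10", "udp", 5, 1480, 520, False, 0, 0, ""),
]

if __name__ == "__main__":
    for label, sources in sorted(classify(SAMPLE).items()):
        print(label, sorted(sources))
```

Source addresses in this kind of traffic are frequently forged, so the sets identify what the packets claimed, not who sent them.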

  2. #2
    Senior Member
    Join Date
    Jan 2002
    Posts
    206
    Great stuff NetSyn

    If more of the people in the know spread their knowledge around,

    then it would be better for all!

  3. #3
    Senior Member
    Join Date
    Jan 2002
    Posts
    657

    I got a lot of negative points and positive points from this post, mostly positive but the few negatives seemed to think this was useless info mainly because they already knew this stuff... so what if u already knew it.. Not everyone does and there are many people vulnerable to ath0 and other such DoS attacks that don't even know what they are... so if u already know this crap good for u, don't give me negative points for trying to help the few that don't.. cause that'll just cause me not to give out information like this to the people who may need it
    [shadow]i have a herd of 1337 sheep[/shadow]
    Worth should be judged on quality... Not appearance... Anyone can sell you **** inside a pretty box.. The only real gift then is the box..

  4. #4
    Senior Member
    Join Date
    Jan 2002
    Posts
    883
    Well, I may have known some of it myself, but it was still a great post. I'm sure there are many more people in this world that know more than me and some that know less. We can all benefit from a post such as this. No reason for a negative antipoint. Sometimes I forget stuff. I always keep text copies of info such as this around for reference.
    Good post and greenies for you for posting this info for all. New and old.
    The COOKIE TUX lives!!!!
    Windows NT crashed,I am the Blue Screen of Death.
    No one hears your screams.


  5. #5
    Senior Member
    Join Date
    Nov 2001
    Posts
    742
    Good post NetSyn.

  6. #6
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    Posts
    2,628

    One correction

    The Sygate information is old, though. The new version and the only version you should be running is 5.0. Otherwise very useful.

    Good post, though.
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson

  7. #7
    Senior Member
    Join Date
    Dec 2001
    Posts
    1,193
    good post.
    Trappedagainbyperfectlogic.

  8. #8
    Junior Member
    Join Date
    Jan 2002
    Posts
    9
    Greattttt! post NetSyn...very informative for a newbie...heheheh..


    SilVerRusT
    (hi...ho...silver away!)

  9. #9
    Senior Member BrainStop's Avatar
    Join Date
    Jan 2002
    Posts
    295
    Good post, NetSyn!

    As far as firewalls are concerned, I personally like ZoneAlarm from zonelabs.com. Easy to use and pretty good. But anyway, that's just my opinion.

    Cheers,

    BrainStop

  10. #10
    Senior Member
    Join Date
    Jan 2002
    Posts
    154
    I am totally new to this stuff, reading as much as I can, and it's posts like yours that help a lot with setting up a good base of information. Great post, hope you keep posting more like this. I know if you do I'll be here reading them. Great info.

    Kindred69
    ForeverLearning
