What is an OOB packet, how does one go about sending one, and how does one go about filtering them out of certain ports so as to stop from being a victim of a DoS Attack.
In the context that I think you're talking about...
An OOB packet would just be a data chunk that is made in such a way that the receiving system goes 'oops' and messes up somehow due to a bug. If you're talking about a "Win-nuke" or something like that, it is largely fixed. It was basically sending data that the OS doesn't expect which causes a bug to occur which crashes the machine, it's nothing magic, just a mistake in the programming of the receiving machine so that it doesn't act correctly. You should be fine if you have updated Windows 95, 98, NT, 2k, ME, XP or some other OS.
OOB packets are sent by setting the OOB flag on the TCP packet - a few databases actually use(d?) them for conveying real data across a network. It was, at one point, an unhandled flag in MS' TCP stack and, as a result, crashed their systems. At this point, updating your system(s) with MS' current patches should be enough to fix the thing.
Quote:
Originally posted here by terminalillness
What is an OOB packet, how does one go about sending one, and how does one go about filtering them out of certain ports so as to stop from being a victim of a DoS Attack.
Just block all unneeded ports and you should be fine (pretty much all inbound ports - there are some small exceptions to that if your firewall isn't stateful (like DNS/UDP, some high port UDP if you use traceroute, etc))
or just d/l a patch http://www.irongate.ch/security/defense.htm
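
Added example (not code from any poster in this thread): in the TCP header, out-of-band ("urgent") data is marked by the URG flag and the urgent pointer field. The Python below parses raw TCP segment bytes and flags URG segments aimed at watched ports, the kind of check a filter or IDS rule performs. The watch list, function names and sample segments are constructed for illustration.

```python
import struct

URG, ACK, PSH = 0x20, 0x10, 0x08  # TCP flag bits (RFC 793)

def parse_tcp(segment: bytes) -> dict:
    """Decode the fixed 20-byte TCP header from raw segment bytes."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, _seq, _ack, off_flags, _win, _csum, urg_ptr = struct.unpack(
        "!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4  # data offset is counted in 32-bit words
    if not 20 <= header_len <= len(segment):
        raise ValueError("invalid data offset")
    return {"sport": sport, "dport": dport, "flags": off_flags & 0x3F,
            "urg_ptr": urg_ptr, "payload": segment[header_len:]}

def classify(segment: bytes, watched_ports: set) -> str:
    """Return 'malformed', 'urgent' (URG set toward a watched port) or 'pass'."""
    try:
        tcp = parse_tcp(segment)
    except ValueError:
        return "malformed"
    if tcp["flags"] & URG and tcp["dport"] in watched_ports:
        return "urgent"
    return "pass"

def make_segment(dport, flags, urg_ptr=0, payload=b"", words=5):
    """Build a constructed sample segment (checksum left at zero)."""
    off_flags = (words << 12) | flags
    return struct.pack("!HHIIHHHH", 40000, dport, 1, 1,
                       off_flags, 8192, 0, urg_ptr) + payload

WATCHED = {139}  # assumption: ports this site treats as sensitive

SAMPLES = {  # constructed inputs, not captured traffic
    "urgent to watched port": make_segment(139, ACK | PSH | URG, 1, b"x"),
    "normal data to watched port": make_segment(139, ACK | PSH, 0, b"x"),
    "urgent to unwatched port": make_segment(80, ACK | URG, 1, b"x"),
    "stale urgent pointer, URG clear": make_segment(139, ACK, 7, b"x"),
    "header length beyond segment": make_segment(139, ACK | URG, 1, words=15),
    "truncated header": b"\x00" * 10,
}

if __name__ == "__main__":
    for name, seg in SAMPLES.items():
        print(f"{name:34s} -> {classify(seg, WATCHED)}")
```

A segment classified as `urgent` is one a filter could log or drop; the urgent pointer is only meaningful when URG is set, which is why the stale-pointer sample passes.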