Nuke Information

SMB
Aliases/variants: Server Message Block (SMB) logon attack
Affects: Windows NT4
Symptoms: System hang or restart.

bonk
Aliases/variants: boink, newtear, teardrop2
Affects: Windows 95 / NT4
Symptoms: Blue screen freeze and crash. If you have been patched since 12/97 against the other nukes below and as of 1/8/98 suddenly started to get the blue screen, you're probably being "bonked".

land
Affects: Windows 95 / NT / 3.11, many others
Symptoms: Freeze and crash. You're probably being "landed" if you were nuke-safe until mid-November or if you're already patched against the other nukes.

teardrop
Aliases/variants: tear, TCP/IP fragment bug, overlapfrag bug
Affects: Windows 3.1/95/NT, Linux (before 2.0.32 and 2.1.63)
Symptoms: Immediate crash or reboot. If you know you're safe against "winnuke" and "ssping" below and you still crash, you are probably suffering from either "land" or "teardrop". If you just get disconnected it's probably "click".

click
Aliases/variants: [the original] nuke, ICMP nuke, ICMP_REDIRECT or ICMP_DEST_UNREACH spoof, WinNewk/WinNewk-X
Affects: All IRC users unless protected by firewall or other filter.
Symptoms: You are disconnected from the IRC server but otherwise your connection to your ISP is fine. Your computer does not crash. Others will usually see you quit with the message "Connection reset by peer" although other networking related error messages are also possible.

ssping
Aliases/variants: jolt, sPING, ICMP bug, IceNewk, "Ping of Death".
Affects: Windows 95 / NT, and many others!
Symptoms: Computer locks up, usually requiring a reboot (reset switch such as ctrl+alt+del doesn't work). After restart, computer runs as usual.

WinNuke
Aliases/variants: Windows OOB bug.
Affects: Windows 95 / 3.11 / NT
Symptoms: "Blue Screen" (virtual device driver) error. Computer usually recovers, but Internet connection doesn't, requiring reboot (usual shutdown procedure should work). May also cause computer to lock up.

ICMP flood
Aliases/variants: ping flood, ICMP_ECHO flood
Affects: all modem connections
Symptoms: Modem lights go berserk indicating overflow of information, Internet applications get very slow, after 15-60 secs you get disconnected (from your server or even your provider). Everything is fine after reconnect (unless you get flooded again), no crash or reboot.

smurf
Affects: whole provider or IRC server
Symptoms: Imagine ICMP flooding for an entire provider or server. Everybody connected gets bogged down and kicked off, attack can last for hours or days.

ATH0
Aliases/variants: +++ ATH0
Affects: many types of modems
Symptoms: Modem gets disconnected.




Patches

Patches for Microsoft Windows 95
(These are the patches for OOBNuke, Winnuke, Jolt, SSPING, IceNuke and TearDrop)

Use the following steps to upgrade to Winsock 2.2 and patch the Internet bugs in Windows 95. Be sure to perform these steps in the order as they appear.

1. Install the MS DUN 1.2 Upgrade (MSDUN12.EXE ftp://ftp.kappa.ro/pub/Windows/95-98...es/msdun12.exe ) and reboot.
2. Install the Winsock 2.2 Upgrade (WS2SETUP.EXE ftp://ftp.kappa.ro/pub/Windows/95-98...s/ws2setup.exe ) and reboot.
3. Install the Winsock 2.2 Patch (VIPUP20.EXE ftp://ftp.kappa.ro/pub/Windows/95-98...es/vipup20.exe ) and reboot.
4. Install the Land patch (VTCPUP20.EXE ftp://ftp.kappa.ro/pub/Windows/95-98...s/vtcpup20.exe ) and reboot.
5. Rename VNBT.386 to VNBT.BAK or use the VNBT.386 Fix (VNBT.EXE ftp://ftp.kappa.ro/pub/Windows/95-98...tches/vnbt.exe ) and reboot.

Patches for Microsoft Windows NT

1. Install Service Pack 3 (NT4SP3_I.EXE ftp://ftp.microsoft.com/bussys/winnt...40/ussp3/i386/ )
2. Install the Bonk, Boink and Teardrop2 patch TEARFIXI.ZIP (ftp://ftp.kappa.ro/pub/Windows/NT-4.0/TEARFIXI.zip) . This patch supercedes the ICMP-fix, OOB-fix, Simptcp-fix and Land hotfixes.

ATH0 Exploit


Modems known to be affected:
Logicode 28.8
Supra 33.6 (internal)
Diamond Supra v.90
Diamond SupraExpress 56k
Noblelink 56k Plug and Play
Zoom Internal 56kflex/v.90 (model 2812?)
A/Open(acer) 56k
(Many more here, but only this has been tested)


Solution 1
The fix is for Windows 9x but I'm sure is easy enough to figure out how to fix this problem on other operating systems just by looking at the fix itself.
Run regedit and look for the following key:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Class\Modem\0000

Create a string value in that key called UserInit and give it a value of s2=255 (if your modem is still vulnerable, try useing a value of s2=127).
Now reboot the computer and your modem will be patched.


Solution 2
Add "ATS2=255" in your modem init string.


Then again u can always run a trust firewall (which i think is a must!)



Tiny Personal Firewall 2.0.15 - Tiny Personal Firewall (TPF) is a powerful and free utility designed to protect home cable and DSL connections. TPF provides multi-layer security protection in controlling which applications are allowed to transmit and receive data, MD5 Signature Support to ensure that Trojan horse applications cannot communicate, stateful filtering based on SRC/DST IP address, port and application to determine if incoming packets were requested, remote access to logs and statistics, and intrusion detection. This build corrects TDI errors.
http://download.cnet.com/downloads/0...05-110-6313778

Sygate Personal Firewall 4.2 Build 872 - Sygate Personal Firewall is a bi-directional intrusion-defense system for your personal computer. It ensures that your computer is protected from hackers and other intruders while preventing unauthorized programs on your computer from accessing the network. Sygate Personal Firewall makes machines invisible to the outside world. It works on computers connected to a private network or the Internet. This program assures that your business, personal, financial, and other data is safe and secure.
http://download.cnet.com/downloads/0...05-110-8593035

NetWatcher 2000 - This utility runs in the background while you are connected to the Internet, monitoring queries for information. If it detects one, it alerts you and gives you the option of immediately closing the connection. The program also logs the intruder's IP address, port number, and host, letting you report the intruder to their Internet service provider
http://www.pcworld.com/downloads/fil...leidx,1,00.asp

ConSeal PC Firewall - This personal firewall lets you create rule sets that dictate what data can access your PC. It protects you from Internet threats, as well as from applications on your network. The firewall lives beneath your operating system, and any offending packet or data is automatically dismissed. You can define what type of data you want to avoid, or you can put the firewall in learning mode, which will create a rule set based on your actions. If an unknown packet tries to access your PC, the program lets you know and waits for your permission. The program also includes a Whois link for retrieving remote-host information
http://www.pcworld.com/downloads/fil...leidx,1,00.asp



These are just some protection ideas against simple DoS but even the most simple things can be very good.
i suggest if u run a windows box u fix the sploits ive listed above, and also install a trust worthy firewall

Then again theres the dreaded DDoS which no real cure can be downloaded to protect u from this.. My best advice against DDoS is dont let urself be a target by it by not going to any form of cheat program without usin some sort of proxy or redirect!

Most the info i found here was found by usin www.google.com and multiple webpages , way 2 many to list and its all just random data i thought ud like to hear if u wonder about DoS.

-NetSyn