[CONTACT]

[ABOUT]

[POLICY]

Sping Attack.What you should

Found at: 0x1bi.net:70/textfiles/file?hacking/MICROSOFT/sping.txt

Sping Attack..What you should Know
File Information was obtained from
http://www.darkening.com/ssping
====================================

What is it?

   SSPING/Jolt is a program which effectively will freeze of almost any Windows95 or
   Windows NT connection. It's based on old code which freezes old SysV and Posix
   implementations. 

   It works basically by sending a series of spoofed & fragmented ICMP packets to the
   target, which build up to be a 64k ping, and Windows95/NT then ceases to function
   altogether.

Who does it effect?

   This will affect almost all Windows95, Memphis and WindowsNT boxes which are
   not behind a firewall which blocks ICMP packets. We have heard reports of some
   computers not being effected however. This will also affect old MacOS machines
   too, and it's possible it is also useful against old SysV/POSIX implementations.

   Anyone who plays Quake or uses IRC has probably encountered an ssping/freeze
   attack before, and is encouraged to patch themselves. 

Why is this happening?

   I think the root of the problem is that Microsoft seems to always code via RFC, and
   doesn't write handlers for the "What if someone sends me something invalid"
   possibility. This is not the first time Windows95 or NT has had problems with ICMP,
   and if you would like to read the technical details, as well as look at the source code
   for Jolt, click here.

How can I protect myself?

   We have some patches and information available here.  A bugfix has been posted by Microsoft
   for NT4.0  I still haven't seen a Win95 or NT4 Workstation patch yet.  

Check this site for updates!




AD: