Sping Attack..What you should Know
File Information was obtained from
What is it?
SSPING/Jolt is a program which effectively will freeze of almost any Windows95 or
Windows NT connection. It's based on old code which freezes old SysV and Posix
It works basically by sending a series of spoofed & fragmented ICMP packets to the
target, which build up to be a 64k ping, and Windows95/NT then ceases to function
Who does it effect?
This will affect almost all Windows95, Memphis and WindowsNT boxes which are
not behind a firewall which blocks ICMP packets. We have heard reports of some
computers not being effected however. This will also affect old MacOS machines
too, and it's possible it is also useful against old SysV/POSIX implementations.
Anyone who plays Quake or uses IRC has probably encountered an ssping/freeze
attack before, and is encouraged to patch themselves.
Why is this happening?
I think the root of the problem is that Microsoft seems to always code via RFC, and
doesn't write handlers for the "What if someone sends me something invalid"
possibility. This is not the first time Windows95 or NT has had problems with ICMP,
and if you would like to read the technical details, as well as look at the source code
for Jolt, click here.
How can I protect myself?
We have some patches and information available here. A bugfix has been posted by Microsoft
for NT4.0 I still haven't seen a Win95 or NT4 Workstation patch yet.
Check this site for updates!