Editor's reviews |
|---|
I've been using IRC a lot lately. There are a lot of scripts for the mIRC chat client, but sometimes a good flood script is not good enough (especially when you have to suffer a 2400 bps modem connnection) If somebody bothers, now you can kill him instantly. There is a bug in Windows 95 and Windows NT that allows you to hang anyone's machine connected to the Internet. WinNuke is the popular name of a bug found on all operating systems with a built-in TCP/IP stack by Microsoft (and that includes Windows 3.11, Windows 95, and Windows NT). This error has even come out on TV on CNN here in my country (a small 11'000.000 people country in South America) - along with the bug reports of IE 3.0. The TCP/IP stack (named after the protocol, or language, of the Internet) is the part of the operating system that is in charge of all messaging for the Internet. The Internet in a PC with such a stack works with a sockets concept (Winsock), that means every program can plug itself in the stack, and initiate communication with other programs on other computers connected as well to the Internet and ready to do so. The TCP/IP stack routes the messages sent to every application. For example - a computer user starts an FTP server (aka daemon), that plugs itself in socket 21 (the standard FTP port), and starts listening; from now on, all attempts to connect to this computer via port 21 (normally used for FTP) will be sent to this program and the program will react to those messages. But the error is not really in the TCP/IP stack. There is a port used by the NetBIOS services on every computer equipped configured to work in a network with the Windows NT network protocol (that uses the NetBEUI protocol to communicate between computers in a local area network). NetBIOS is used to handle file and print sharing requests. Well, the port 139 is open to NetBIOS on every computer in this kind of network and also connected to the Internet. So anyone can send data to these computers via port 139, on the Internet, and NetBIOS responds. The problem arouses when someone forges a data packet with erroneous data (known as "out of bounds" or OOB data) and sends it to the victim computer. The NetBIOS stack, responsible of handling every request gracefully, fails ungracefully, because there is no OOB error handling routines. The result is the user becomes the (in)famous blue screen, or sometimes TOTAL lockout, and afterwards all connections to the Internet are closed, no matter what the user does, upon resetting of the computer (not disconnection!). And the reach of all this? Any user can, for example, look up someone's IP address on the Internet (the unique number used to identify ever node/computer connected) and send a forged packet to port 139 on that computer, thus causing anybody on this computer to curse for at least 15 minutes (aarrhghghg my DOWNLOADS!!!!!!!). I've been had at least 5 times! But it's really effective against anyone on IRC that is bothering you. There is anothe one, named the Ping of Death, and its working mutation on the Windows 95 OS is called SSPing. Hey, I know you are dying to get the nukers and the patches, but I won't provide all the infos. You will have to go to AltaVista and do a search for the word 'WinNuke'. Be persistent!!! It is the only way you will get your things done!!! |