Firewalls are a major part in protecting yourself on the net. Now there are tons of patches out, which I have for you to download in the Nukes section. I say that really you don't need all those patches; just get a good firewall and you're set to go. Most firewalls block most attacks. If you are not familiar with firewalls, then I'd recommend the Conseal Firewall by Signal9. The reason is that all the MAIN settings you need are already set, such as blocking nukes, lands, etc. (a description of the attacks is below).
Operating System Attacks
Basically, this type of attack affects a particular type of OS (Operating System). And MAINLY, please note, copy, tattoo, or whatever it takes to remember this: Win98 is NOT immune to nuking as said by ignorant technicians, etc.
I've read on IRC's help page, Microshaft (Microsoft) webpages, and "security" homepages that the NEW Microsoft Windows 98 is immune to nuking... That they have patched the problem. That is 100% Pure BULLSHIT!!! I can tell you from personal tests that '98 is not nuke immune. The only difference is that instead of the possible FREEZE or krash, it freezes or just makes other programs fuck up.
Types Of Nukes
SMB:
Aliases/Variants: Server Message Block (SMB), logon attack.
Affects: Windows NT 4 (Check Out The ICMP/NT Defense Section)
Symptoms: System hang or restart. Widespread attacks especially against .edu and .gov sites since March 1.
Patches and Info: See the Microsoft help page last updated Feb 13.
Bonk:
Aliases/variants: boink, newtear, teardrop2
Affects: Windows 95 / NT (Check Out The ICMP/NT Defense Section).
Symptoms: Blue screen freeze and crash. If you have been patched since 12/97 against the other nukes below and as of 1/8/98 suddenly started to get the blue screen, you're probably being "bonked".
Patches: Microsoft just released a new patch for Win 95 Winsock 2 that covers this attack (after nearly 2 months!). For more info: See Microsoft's bulletin last updated in late February.
Land:
Affects: Windows 95 / NT (Check Out The ICMP/NT Defense Section) / 3.11, many others
Symptoms: Freeze and crash. You're probably being "landed" if you were nuke-safe until mid-November or if you're already patched against the other nukes.
Patches: Windows 95/NT, see the patches section below.
For more info: See the excellent article from Wired News.
Teardrop:
Aliases/variants: tear, TCP/IP fragment bug, overlapfrag bug
Affects: Windows 3.1/95/NT (Check Out The ICMP/NT Defense Section), Linux (before 2.0.32 and 2.1.63)
Symptoms: Immediate crash or reboot. If you know you're safe against "winnuke" and "ssping" below and you still crash, you are probably suffering from either "land" or "teardrop". If you just get disconnected it's probably "click".
Patches:
Windows 95/NT (see patches below)
Linux: upgrade to 2.0.32 / 2.1.63 or later.
Click:
Aliases/variants: [the original] nuke, ICMP nuke, ICMP_REDIRECT or ICMP_DEST_UNREACH spoof, WinNewk/WinNewk-X.
Affects: All IRC users. Can be used against any TCP connection if no filtering is used.
Symptoms: Disconnection from IRC server, but your TCP/IP stack (Winsock) and modem connection are both fine, no crash or reboot. Windows users will usually quit with the message "Connection reset by peer." Other common quit messages are Connection refused, Operation timed out, and Host unreachable, depending on which end of the connection (server or client) is attacked.
Patches: If they attack the server, as they often do, there is nothing you can do to stop that. If they attack your client, there is normally no defense for standalone computers, although a so-called "personal" firewall product for Windows does stop these attacks. Check out my Firewall Section.
NOTE: If you're on IRC and you notice these symptoms, try connecting to another port. The reason is that Click programs usually have the port already set at port 6667. Even though you can change what port the program sends to, it makes it a little more difficult, because then they would have to scan your entire system for that port. And/Or you can change what port you connect to each time you "reconnect" to IRC. Also, to aid in defense, check out the section on IP spoofing. That can eliminate this problem quite easily.
SSPing:
Aliases/variants: jolt, sPING, ICMP bug, IceNewk, "Ping of Death".
Affects: Windows 95 / NT (Check Out The ICMP/NT Defense Section), and many others!
Symptoms: Computer locks up, usually requiring a reboot (reset switch such as ctrl+alt+del doesn't work). After restart, computer runs as usual.
Patches:
Windows 95/NT (see patches below)
Other platforms: see The Ping o' Death Page.
For more info: See the ssping pages at WinPlanet and winfiles.com.
WinNuke:
Aliases/variants: Windows OOB bug.
Affects: Windows 95 / 3.11 / NT (Check Out The ICMP/NT Defense Section).
Symptoms: "Blue Screen" (virtual device driver) error. Computer usually recovers, but Internet connection doesn't, requiring reboot (usual shutdown procedure should work). May also cause computer to lock up.
Patches:
Win95/NT (see patches below)
Win 3.1x -
- Find SYSTEM.INI on the boot drive of your computer
- Directly under the caption [MSTCP] in SYSTEM.INI insert this line:
  BSDUrgent=0
For more info: See the winnuke pages at WinPlanet and winfiles.com.
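The Win 3.1x edit above, written as a function over the file's text (an added example, not from the original page): it puts BSDUrgent=0 directly under [MSTCP], replaces a conflicting value, and gives the same result when run twice. Creating the section when it is missing is an assumption, and the sample file contents are constructed.

```python
def set_bsdurgent(ini_text):
    """Return SYSTEM.INI text with BSDUrgent=0 directly under [MSTCP]."""
    out = []
    in_mstcp = False      # are we inside the [MSTCP] section right now?
    inserted = False      # has our line been written yet?
    for line in ini_text.splitlines():
        stripped = line.strip()
        if stripped.startswith("[") and stripped.endswith("]"):
            # Section names in INI files are matched case-insensitively
            in_mstcp = stripped.lower() == "[mstcp]"
            out.append(line)
            if in_mstcp and not inserted:
                out.append("BSDUrgent=0")
                inserted = True
            continue
        key = stripped.split("=", 1)[0].strip().lower()
        if in_mstcp and key == "bsdurgent":
            continue      # drop any older BSDUrgent value; ours is already in
        out.append(line)
    if not inserted:
        # Assumption: if the section is absent, append it at the end
        out += ["[MSTCP]", "BSDUrgent=0"]
    return "\r\n".join(out) + "\r\n"

# Constructed sample file; the keys other than BSDUrgent are placeholders.
SAMPLE_INI = (
    "[boot]\r\n"
    "ExampleKey=1\r\n"
    "[mstcp]\r\n"
    "OtherSetting=abc\r\n"
    "BSDUrgent=1\r\n"
    "[386Enh]\r\n"
    "AnotherKey=2\r\n"
)

if __name__ == "__main__":
    print(set_bsdurgent(SAMPLE_INI))
```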
Network Attacks
ICMP Flood:
Aliases/variants: ping flood, ICMP_ECHO flood
Affects: all modem connections
Symptoms: Modem lights go berserk indicating overflow of information, Internet applications get very slow, after 15-60 secs you get disconnected (from your server or even your provider). Everything is fine after reconnect (unless you get flooded again), no crash or reboot.
Patches: There are no patches available or possible, since this attack directly exploits the low capacities of your modem. But you can have a program such as nukenabber (in program list below) that can monitor ICMP connections. And as with detecting nukes, it can possibly trace it back to whoever sent the attack to you. The only problem, as with all detections... If they are using an IP spoofer, etc.. Then again, YOU'RE FUCKED!!!
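The ICMP monitoring idea above, as an added example (not nukenabber's code and not from the original page): it counts echo requests in a sliding window and reports whether one source address dominates, which is exactly what a spoofed flood takes away. The record format, thresholds and sample addresses are assumptions constructed for the example.

```python
from collections import Counter, deque

ECHO_REQUEST = 8  # ICMP type for echo request ("ping")

def detect_echo_flood(records, window=5.0, max_per_window=50):
    """Alert when echo requests inside `window` seconds exceed the threshold.

    records: iterable of (timestamp_seconds, source_ip, icmp_type).
    The count is aggregate, not per source, so a flood with spoofed or
    rotating source addresses still trips it.
    """
    recent = deque()   # (timestamp, source) of echo requests in the window
    alerts = []
    alerting = False   # suppress repeat alerts while one flood continues
    for ts, src, icmp_type in sorted(records):
        if icmp_type != ECHO_REQUEST:
            continue
        recent.append((ts, src))
        while ts - recent[0][0] > window:
            recent.popleft()
        if len(recent) <= max_per_window:
            alerting = False
            continue
        if alerting:
            continue
        alerting = True
        sources = Counter(s for _, s in recent)
        top_src, top_count = sources.most_common(1)[0]
        alerts.append({
            "start": recent[0][0],
            "packets": len(recent),
            "distinct_sources": len(sources),
            "top_source": top_src,
            # One dominant address is a lead for the ISP admin (it may still
            # be forged); many distinct sources means no single lead at all.
            "traceable": top_count / len(recent) >= 0.9,
        })
    return alerts

# Constructed sample traffic (documentation address ranges, not real hosts).
def sample_single_source():
    return [(i * 0.02, "192.0.2.10", ECHO_REQUEST) for i in range(100)]

def sample_spoofed():
    return [(100 + i * 0.02, "198.51.100.%d" % (i + 1), ECHO_REQUEST)
            for i in range(100)]

def sample_quiet():
    return [(i * 10.0, "192.0.2.1", ECHO_REQUEST) for i in range(20)]
```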
Smurf:
Aliases/variants: N/A
Affects: whole provider or IRC server
Symptoms: Imagine ICMP flooding for an entire provider or server. Everybody connected gets bogged down and kicked off, attack can last for hours or days.
Patches: There is nothing you can do to defend yourself, but if you do have any information on who is doing the attack, contact the admins at your ISP or IRC server (whichever is being attacked). Again, no personal firewalls can protect you.
For more info: See the WinPlanet article which is based on a guide by Craig Huegen.
Patches
Please close all applications b4 installing these patches... And to ensure that they are installed properly, install these patches as said... These patches protect you from: OOB, SSping, Nuke_1, Winnuke, Teardrop, The Newteardrop, Land, Latierra, Bonk and Boink.
1.) Install WinSock Upgrade... Then Reboot...
Here is a list of places where you can get firewalls:
Altavista Firewall 97
BaySecure Firewall-1
Centri Firewall
Compaq ProSignia 200 Firewall Server
Conclave
ConSeal Firewall
- I have already mentioned this firewall earlier in this site. But if you are NOT familiar with TCP/IP, UDP/IP, ICMP/IP, etc. or don't even know what they mean, then I recommend the Conseal Desktop. It is almost like the PC Firewall by Signal9, but it's simplified. With the PC Firewall, you will be continuously asked if you want to accept or block certain connections. And it's a must that you understand all those terms and what the specific connections mean.
Personally I prefer the Conseal Desktop. I do understand all the jargon, but I find it more convenient to have the Conseal Desktop because I find it aggravating to have a message box pop up every 10 min.
With this firewall (Conseal Desktop) you are protected from what is called Click. Read the help file that comes with the Firewall to learn how to set up for Click protection.
Cyberguard Firewall
Digitivity CAGE
Elron Firewall
eNetwork Firewall
ESafe
Firewall-1
Gauntlet Internet Firewall
GFX Internet Firewall System
GNAT Box Firewall
Guardian 3.0 Firewall for NT v3.0
ICE.Block
Interceptor Firewall Appliance
Internet Scanner
Managed Firewall Service
Microsoft Proxy Server v2.0
MIMEsweeper
NetRoad FireWall v2.2
Netscreen-10, Netscreen-100
Norman Firewall
Permit/Gate Firewall
PIX Firewall
Raptor Firewall
Secure Computing Firewall
SecureConnect
SecurIT Firewall
SessionWall-3
Signal9
Software-Builders
SunScreen EFS 2.0
WatchGuard Security System
Here are some linkz which specialize in this sort of material:
Anti-Nuke Protection for Win95/WinNT
WinPlanet Windows 95 and NT Internet-related Exploits
winfiles.com bug page
#ICMP home page
Hans Husman's Denial of Service Page