=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
- P.I.S.S. Philez Number 52 =
=                           -
-    Denial Of Service      =
=                           -
-       by Devnull          =
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Denial of Service Attacks - usage, detection and prevention
by devnull (reformed irk warrior and still a net.addict)

Overview:
Denial of Service Attacks (heretofore referred to as DoS Attacks) are
attacks sent over the internet to deny service to the receiving end.
(note: DoS attacks are illegal and easily traceable, I would never
suggest to do such a thing and would definitely never do such a thing
myself. - IF YOU DO SOMETHING STUPID AND GET CAUGHT, IT'S NOT MY
RESPONSIBILITY)


Usage of DoS attacks:
(note: most of the .c source code files are available at rootshell.com)
(note: firewall refers to a windows firewall, i suggest conseal pc
firewall, available at www.signal9.com)
(note: all patches available at www.webzone.net/ddg_computing/dalnet)

out-of-band:
 info: windows doesn't like tcp packets with the oob flag sent to netbios
 vulnerable: Windows (95/NT/3.x)
 protocol: tcp/ip, ports: 137-139
 used for: crash victim's computer
 symptoms: blue screen of death
 short-term fix: reboot
 long-term fix: firewall and patch - vtcpupd.exe
 detection: firewall
 launching: winnuke.c (rootshell.com)

jolt (ssping):
 info: icmp_echo fragmentation exploit
 vulnerable: Windows (95/NT/3.x), possibly old MacOS
 protocol: icmp (echo)
 used for: crash victim's computer
 symptoms: blue screen of death
 short-term fix: reboot
 long-term fix: firewall and patch - vipup11.exe/vipup20.exe
 detection: firewall
 launching: jolt.c (rootshell.com)

icmp_echo flooding:
 info: basic packet flooding
 vulnerable: all
 protocol: icmp (echo)
 used for: slow (lag) modem connection until it ping timeouts
 symptoms: major lag while not doing anything that would cause it
 short-term fix: redial into ISP
 long-term fix: firewall
 detection: firewall
 launching: ping (rootshell.com)

udp datagram flooding:
 info: basic packet flooding
 vulnerable: all
 protocol: udp, ports: all
 used for: slow (lag) modem connection until it ping timeouts
 symptoms: major lag while not doing anything that would cause it
 short-term fix: redial into ISP
 long-term fix: firewall
 detection: firewall
 launching: pepsi.c (rootshell.com)

icmp unreach:
 info: creates packets that trick client into disconnecting
 vulnerable: all
 protocol: icmp (unreachable)
 used for: disconnect from irc
 symptoms: unexplained (repeated) disconnections from irc
 short-term fix: reconnect to irc server
 long-term fix: firewall
 detection: firewall or other program that will monitor icmp unreachables
 launching: puke.c (rootshell.com)

teardrop (similar to jolt):
 info: one in a series of udp fragmentation exploits
 vulnerable: Windows (95/NT), Linux kernel 2.0.31
 protocol: icmp (echo)
 used for: crashing victim's computer
 symptoms: blue screen of death/total freezeup
 short-term fix: reboot
 long-term fix: firewall/vipupd20.exe
 detection: firewall
 launching: teardrop.c (rootshell.com)

boink (bonk/newtear):
 info: newest of udp header/fragmentation exploits (modified teardrop)
 vulnerable: Windows (95/NT)
 protocol: icmp (echo)
 used for: crashing victim's computer
 symptoms: blue screen of death/freezeup
 short-term fix: reboot
 long-term fix: firewall
 detection: firewall
 launching: boink.c/bonk.c/newtear.c (rootshell.com)

land:
 info: spoofs a tcp syn packet from the same ip as you send it to
 vulnerable: Windows (95/NT)
 protocol: tcp/ip, ports: any that are open on your system (113, 139)
 used for: crashing victim's computer
 symptoms: total freezeup
 short-term fix: reboot
 long-term fix: patch (vipup11.exe/vipup20.exe)
 detection: none that can be easily setup
 launching: land.c/latierra.c

Other Sources of info:

http://www.rootshell.com/
http://www.warforge.com/
http://members.xoom.com/dosprograms/
http://www.nsanefoundation.com/files/
http://icmpinfo.darkelf.org/
http://www.microsoft.com/security/
http://www.dhp.com/~fyodor/sploits_microshit.html
http://www.sophist.demon.co.uk/ping
http://www.webzone.net/ddg_computing/dalnet/

[Just a quick note.  If you want these exploits ported to Windows, go
to www.warforge.com and you can find most of them there.]

-------------------------[EOF:3-5-98]------------------------------------
PISS - People into Serious Shit

Founders - Defenestrator, PhrostByte
Members -
Author Parselon
Wu Forever
kQs
Extinction
Grench
Rhodekyll
Dial Tone
Psycho Phreak
Djdude
Circular Reclusion
Havok Luther
AT2Screech
Phantom Operator
Apocalypse
Skrike

Contributors-
Sameer Ketkar
The Axess Phreak
Devnull

PISS, the author, and anyone else does not take responsibility for what
you do with the stuff contained in this file.  If you get busted,
don't cry to us.  We don't care.  We have never done any of this.
Really.  And we don't condone it.  Uh-huh.

Want more stuff?  Go to http://piss.home.ml.org

E-mail the group at [email protected]

� Copyright 1998 PISS Publications and also copyrighted by the author.
This file may be posted freely as long as this notice stays on the end.
All rights reserved.  Or something like that.

You are viewing proxied material from infinitelyremote.com. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.