💾 Archived View for clemat.is › saccophore › library › ezines › textfiles › ezines › PISS › piss0052… captured on 2022-01-08 at 17:00:28.

View Raw

More Information

⬅️ Previous capture (2021-12-04)

-=-=-=-=-=-=-

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
- P.I.S.S. Philez Number 52 =
=                           -
-    Denial Of Service      =
=                           -
-       by Devnull          =
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Denial of Service Attacks - usage, detection and prevention
by devnull (reformed irk warrior and still a net.addict)

Overview:
Denial of Service Attacks (heretofore referred to as DoS Attacks) are
attacks sent over the internet to deny service to the receiving end.
(note: DoS attacks are illegal and easily traceable, I would never
suggest to do such a thing and would definitely never do such a thing
myself. - IF YOU DO SOMETHING STUPID AND GET CAUGHT, IT'S NOT MY 
RESPONSIBILITY)


Usage of DoS attacks:
(note: most of the .c source code files are available at rootshell.com)
(note: firewall refers to a windows firewall, i suggest conseal pc 
firewall, available at www.signal9.com)
(note: all patches available at www.webzone.net/ddg_computing/dalnet)

out-of-band:
  info: windows doesn't like tcp packets with the oob flag sent to netbios
  vulnerable: Windows (95/NT/3.x)
  protocol: tcp/ip, ports: 137-139
  used for: crash victim's computer
  symptoms: blue screen of death
  short-term fix: reboot
  long-term fix: firewall and patch - vtcpupd.exe
  detection: firewall
  launching: winnuke.c (rootshell.com)

jolt (ssping):
  info: icmp_echo fragmentation exploit
  vulnerable: Windows (95/NT/3.x), possibly old MacOS
  protocol: icmp (echo)
  used for: crash victim's computer
  symptoms: blue screen of death
  short-term fix: reboot
  long-term fix: firewall and patch - vipup11.exe/vipup20.exe
  detection: firewall
  launching: jolt.c (rootshell.com)

icmp_echo flooding:
  info: basic packet flooding
  vulnerable: all
  protocol: icmp (echo)
  used for: slow (lag) modem connection until it ping timeouts
  symptoms: major lag while not doing anything that would cause it
  short-term fix: redial into ISP
  long-term fix: firewall
  detection: firewall
  launching: ping (rootshell.com)

udp datagram flooding:
  info: basic packet flooding
  vulnerable: all
  protocol: udp, ports: all
  used for: slow (lag) modem connection until it ping timeouts
  symptoms: major lag while not doing anything that would cause it
  short-term fix: redial into ISP
  long-term fix: firewall
  detection: firewall
  launching: pepsi.c (rootshell.com)

icmp unreach:
  info: creates packets that trick client into disconnecting
  vulnerable: all
  protocol: icmp (unreachable)
  used for: disconnect from irc
  symptoms: unexplained (repeated) disconnections from irc
  short-term fix: reconnect to irc server
  long-term fix: firewall
  detection: firewall or other program that will monitor icmp unreachables
  launching: puke.c (rootshell.com)

teardrop (similar to jolt):
  info: one in a series of udp fragmentation exploits
  vulnerable: Windows (95/NT), Linux kernel 2.0.31
  protocol: icmp (echo)
  used for: crashing victim's computer
  symptoms: blue screen of death/total freezeup
  short-term fix: reboot
  long-term fix: firewall/vipupd20.exe
  detection: firewall
  launching: teardrop.c (rootshell.com)

boink (bonk/newtear):
  info: newest of udp header/fragmentation exploits (modified teardrop)
  vulnerable: Windows (95/NT)
  protocol: icmp (echo)
  used for: crashing victim's computer
  symptoms: blue screen of death/freezeup
  short-term fix: reboot
  long-term fix: firewall
  detection: firewall
  launching: boink.c/bonk.c/newtear.c (rootshell.com)

land:
  info: spoofs a tcp syn packet from the same ip as you send it to
  vulnerable: Windows (95/NT)
  protocol: tcp/ip, ports: any that are open on your system (113, 139)
  used for: crashing victim's computer
  symptoms: total freezeup
  short-term fix: reboot
  long-term fix: patch (vipup11.exe/vipup20.exe)
  detection: none that can be easily setup
  launching: land.c/latierra.c  

Other Sources of info:

http://www.rootshell.com/
http://www.warforge.com/
http://members.xoom.com/dosprograms/
http://www.nsanefoundation.com/files/
http://icmpinfo.darkelf.org/
http://www.microsoft.com/security/
http://www.dhp.com/~fyodor/sploits_microshit.html
http://www.sophist.demon.co.uk/ping
http://www.webzone.net/ddg_computing/dalnet/

[Just a quick note.  If you want these exploits ported to Windows, go 
to www.warforge.com and you can find most of them there.]

-------------------------[EOF:3-5-98]------------------------------------
PISS - People into Serious Shit

Founders - Defenestrator, PhrostByte
Members - 
Author Parselon
Wu Forever
kQs
Extinction
Grench
Rhodekyll
Dial Tone
Psycho Phreak
Djdude
Circular Reclusion
Havok Luther
AT2Screech
Phantom Operator
Apocalypse
Skrike

Contributors- 
Sameer Ketkar
The Axess Phreak
Devnull

PISS, the author, and anyone else does not take responsibility for what
you do with the stuff contained in this file.  If you get busted, 
don't cry to us.  We don't care.  We have never done any of this.
Really.  And we don't condone it.  Uh-huh.

Want more stuff?  Go to http://piss.home.ml.org

E-mail the group at davematthews@rocketmail.com

� Copyright 1998 PISS Publications and also copyrighted by the author.
This file may be posted freely as long as this notice stays on the end.
All rights reserved.  Or something like that.