Ascend Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: (ASCEND) Protecting against winnuke and teardrop attacks
To understand how to protect yourself from these attacks, you must
understand how they work. Winnuke is/was an out of band data attack,
usually used on port 139. Windows suffered from this out of band data
attack over a year ago because windows was ill-equiped to handle out
of band data and would blue screen. So, filtering off incoming tcp
traffic on port 139 at your router stopped the attack, but Microsoft has
long since patched this bug and others including land and teardrop.
Teardrop is/was an ip fragment bug that caused the various operating
systems it affected to halt when they unsuccessfully tried to re-allign
un-allignable packets.
So, you can block exploits like winnuke which use a port for their attack,
but flaws in the tcp/ip stack aren't really preventable by router
filtering. If you'd like in depth information on those exploits, the
programs and the explanations of why they work can be found at
http://www.geek-girl.com/bugtraq and http://www.rootshell.com
Regards,
Joe Shaw - jshaw@insync.net
NetAdmin - Insync Internet Services
Fortune: Pretend to spank me -- I'm a pseudo-masochist!
On Fri, 22 May 1998, I B Ahmad wrote:
> Can anyone show me how to set the Ascend Pipeline 75 in such a way as to
> protect against winnukes and teardrop attacks?
>
> ------------------------------------------------
> I B Ahmad
> Clinical Trials and Epidemiology Research Unit
++ Ascend Users Mailing List ++
To unsubscribe: send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd: <http://www.nealis.net/ascend/faq>
References: