Download Index

In-Depth Reviews

Tips & Tutorials

Updates

News

Browsers

Chat / Conferencing

Desktop Utilities

Development

Internet Apps

Multimedia

OS Service Packs

Productivity Tools

Download of the day • Mozilla Prism

Most Popular Software Downloads • Mozilla Firefox • Microsoft Office 2010 • QuickTime for Windows • Adobe Reader • Mozilla Thunderbird • Winamp • Microsoft Office 2007 Service Pack • Google Earth • Adobe Flash Player • Windows Vista Service Pack 2 (Vista SP2) • CCleaner (Crap Cleaner) Most Popular Software Articles • Windows Vista Tips: Home Networking Setup Tutorial • 10 Must-Have Apps: The Free Windows Networking Toolkit • How to Make Your Internet Connection Faster, Better

Windows 95 and NT Internet-related Exploits
Windows OOB Bug
Michael Hayman

1. What? A Bug In Windows?

By using a special program, malicious people can crash any Windows 3.11/95/NT machine without a fix that is on the internet. It is done by sending OOB [Out Of Band] data to an established connection with a Windows user. NetBIOS [139] seems to be the most effective since this is a part of Windows, but any port that listens for data can be attacked, like Identd [113]. Apparently Windows doesn't know how to handle OOB, so it panics and crazy things happen. Reports have been heard of everything from Windows dropping carrier to the entire screen turning white. Windows also sometimes has trouble handling anything on a network at all after an attack like this. A reboot usually fixes whatever damage this causes.
(Courtesy of BugTraq)

2. I Have Windows 95. How do I fix this?

Click here to fix all of the known Windows 95 exploits.

3. I Have Windows NT. How do I fix this?

Click here to fix all of the known Windows NT exploits.

4. I Have Windows 3.11. How do I fix this?

Thanks to Tjerk Vonck and EJ for this information:

1. Find SYSTEM.INI on the boot drive of your computer
2. Directly under the caption [MSTCP] in SYSTEM.INI insert the following line:

   BSDUrgent=0

This is essentially the same thing as the Windows 95 bugfix, and it works well.

5. How do I test to see if I am vulnerable to this bug?

Check out the Yikes! Nuke Checker page, that will let you check to see if your machine can be attacked.

6. How can I tell who is trying to attack me?

Download one of these Port Listeners:

1. Skream's Port Listener (140 KB) (Port Listener Homepage)
2. Dr. Bardo's Port Sniffer (97 KB)

Both will tell you the hostnames of people currently connected to your Port 139, which will let you trace the nuking user back to the ISP he uses.

7. Who can I contact with fixes/questions/info?

If you have new information about bugs or fixes, send it to us.

Next: SSPING »

« Previous Page

| Next Page »

Contents:
1. Fix All Known Exploits
2. Windows OOB Bug
3. SSPING
4. Teardrop
5. SMURF