Jolt
CVE 2000-0305
Description of Jolt
This DoS attack affects Windows 95 and NT machines.
The Jolt attack sends very large, fragmented
ICMP packets
to a target machine running Windows 95 or NT. The ICMP
packets
are fragmented in such a way that the target machine is unable to
reassemble them for use. When the ICMP packets are received by the
target machine, it freezes up and will not accept input from the
keyboard or mouse. This Denial of Service attack has not been
shown to cause significant damage to affected systems, and a simple
reboot is sufficient to recover from an attack. It should be noted,
though, that any unsaved data in open applications will likely
be lost.
Symptoms of Attack
Upon being attacked, a Windows 95 or NT machine will lock up, and accept
no input from the keyboard or mouse. In a small number of cases, machines
have been known to reboot. To recover from the Jolt attack, reboot the
affected system. If you happen to be running a port scanner, check for
higher than usual activity on port 139 on the affect machine (the port that is used by Jolt).
If such activity exists, this could be an indication
that a Jolt attack is being run.
How can I fix this vulnerability?
The fix for this vulnerability is to install a patch. Patches
currently exist for
Windows NT 4.0,
Windows NT 3.51 and
Windows 95. These patches, and instructions for installing them,
may be found at Microsoft's
ICMP Datagram Fragments page.
Where can I read more about this?
You can read more about the Jolt attack, and other
ICMP based attacks, at Microsoft's
ICMP Datagram Fragments page. Also, visit Alphalink's
Denial of Service
Attacks page to read more about Jolt and other attacks.
To keep abreast of existing and emerging Denial of Service
attacks, and other security threats, visit the
Microsoft Security Advisor, the
Windows Central Bug Site, and/or CERT. If information
on a specific attack is not located on these sites, keep checking back as they
are updated frequently.