Windows Detected

Impact

A Windows operating system has been detected, which may be vulnerable to one or more Denial of Service (DoS) attacks. Windows 95/98 and Windows NT 3.51/4.0 are vulnerable to these DoS attacks.

Background

Windows operating systems are vulnerable to a number of Denial of Service attacks, most of which cause target systems to lose connectivity to the Internet, and in some cases may cause the loss of sensitive data and/or files. For informational purposes, several of these DoS attacks are listed below.

SAINT Corporation has written up advisories of many Denial of Service attacks, such as Boink, Bonk, Jolt, Land, Nestea, Newtear, Syn Flooding, Teardrop, WinNuke and Smurf/Fraggle. Other attacks that SAINT Corporation has not yet written advisories for include:

The Problem

While this page was not intended to give an exhaustive listing of all relevant Denial of Service attacks to which Windows operating systems may be vulnerable, those listed are perhaps the most popular in the hacker community. The main problem in defending systems and networks against these and other types of attacks is a lack of information, and thus, a lack of understanding of the risks presented by hackers and malicious users.

Resolution

We strongly encourage our customers to stay abreast of the emerging threats posed by hackers and malicious users. We also strongly encourage customers to study and understand security issues in general, and the security measures to implement on specific operating systems. Listed below are several links to sites that we have found useful in our efforts to promote good security habits. Oftentimes, keeping ahead of the security curve can feel like a full-time job, but in the end the old saying is still true: an ounce of prevention is worth a pound of cure. The best weapon against hackers and malicious users is knowledge, applied in a timely manner.

Where can I read more about this?

An excellent source of information is Rootshell, a catch-all site which warehouses literally hundreds of known exploits and hacker programs. Rootshell comes complete with a very nice search utility which should make finding specific information simple. Another wonderful source for information on exploits and Denial of Service attacks is the ircHelp site. To keep abreast of existing and emerging Denial of Service attacks, and other security threats, visit the Microsoft Security Advisor, the Windows Central Bug Site and/or CERT. If information on a specific attack is not located on these sites, keep checking back as they are updated frequently.

Oftentimes, it is necessary to consort with the enemy when trying to research various security threats. Some very nice hacker sites include AntiOnline, Phrack and 2600. A comprehensive listing of "underground", or hacker, sites may be found on the COAST web site.

As always, it is a good idea to do some research for new sites that may be created. A search on the keyword "hacker" or "exploits" on any Internet search engine should yield an abundance of sites dealing with both security and exploits/Denial of Service attacks.