Boink

Description of Boink

This DoS attack affects Windows 95 and NT machines.

The Boink attack is the reverse of the now infamous Teardrop attack, and is an improvement on the Bonk DoS program, in that it allows UDP port ranges. The Boink attack manipulates a field in TCP/IP packets, called a fragment offset. This field tells a computer how to reconstruct a packet that was broken up (fragmented) because it was too big to transmit in a whole piece. By manipulating this number, the Boink attack causes the target machine to reassemble a packet that is much too big to be reassembled. This causes the target computer to crash. This attack has not been shown to cause any significant damage to systems, and a simple reboot is the preferred remedy. It should be noted, though, that while this attack is considered to be non-destructive, it could cause problems if there is unsaved data in open applications at the time that the machine is attacked. The primary problem with this is a loss of data.

Symptoms of Attack

When a Boink attack is directed at a Windows 95 or NT machine, the usual result is that the machine will crash (the Blue Screen of Death). In some cases, though, affected machines will reboot.

How can I fix this vulnerability?

The fix for this vulnerability is to install a patch, available from Microsoft. You will find patches for Windows NT 3.51/4.0 and Windows 95 at the site provided above.

Where can I read more about this?

For more information on the Boink Denial of Service attack, visit Microsoft's Newtear2 page. Or, visit Puppet's Place for information on Boink and other attacks. For in-depth technical information and source code for the Boink program, visit Rootshell's Boink page. To keep abreast of existing and emerging Denial of Service attacks, and other security threats, visit the Microsoft Security Advisor, the Windows Central Bug Site, and/or CERT.