Download Index

In-Depth Reviews

Tips & Tutorials

Updates

News

Browsers

Chat / Conferencing

Desktop Utilities

Development

Internet Apps

Multimedia

OS Service Packs

Productivity Tools

Download of the day • Internet Explorer 8

Most Popular Software Downloads • Opera • Internet Explorer 7 • QuickTime for Windows • Winamp • Mozilla Firefox 3 • Ad-Aware 2008 Free • Adobe Flash Player • Paint Shop Pro • Adobe Shockwave Player • AVG Anti-Virus Free • 7-Zip Most Popular Software Articles • Windows Vista Tips & Tricks, Part 1 • Windows Vista: Worthy of the Hype? • Windows Wireless Zero Configuration: Five Steps to Sanity

Windows 95 and NT Internet-related Exploits
Windows OOB Bug
Michael Hayman

1. What? A Bug In Windows?

By using a special program, malicious people can crash any Windows 3.11/95/NT machine without a fix that is on the internet. It is done by sending OOB [Out Of Band] data to an established connection with a Windows user. NetBIOS [139] seems to be the most effective since this is a part of Windows, but any port that listens for data can be attacked, like Identd [113]. Apparently Windows doesn't know how to handle OOB, so it panics and crazy things happen. Reports have been heard of everything from Windows dropping carrier to the entire screen turning white. Windows also sometimes has trouble handling anything on a network at all after an attack like this. A reboot usually fixes whatever damage this causes.
(Courtesy of BugTraq)

2. I Have Windows 95. How do I fix this?

Click here to fix all of the known Windows 95 exploits.

3. I Have Windows NT. How do I fix this?

Click here to fix all of the known Windows NT exploits.

4. I Have Windows 3.11. How do I fix this?

Thanks to Tjerk Vonck and EJ for this information:

1. Find SYSTEM.INI on the boot drive of your computer
2. Directly under the caption [MSTCP] in SYSTEM.INI insert the following line:

   BSDUrgent=0

This is essentially the same thing as the Windows 95 bugfix, and it works well.

5. How do I test to see if I am vulnerable to this bug?

Check out the Yikes! Nuke Checker page, that will let you check to see if your machine can be attacked.

6. How can I tell who is trying to attack me?

Download one of these Port Listeners:

1. Skream's Port Listener (140 KB) (Port Listener Homepage)
2. Dr. Bardo's Port Sniffer (97 KB)

Both will tell you the hostnames of people currently connected to your Port 139, which will let you trace the nuking user back to the ISP he uses.

7. Who can I contact with fixes/questions/info?

If you have new information about bugs or fixes, send it to us.

Next: SSPING »

« Previous Page

| Next Page »

Contents:
1. Fix All Known Exploits
2. Windows OOB Bug
3. SSPING
4. Teardrop
5. SMURF