WinNuke

From Wikipedia, the free encyclopedia

The term WinNuke refers to a remote denial-of-service attack (DoS) that affected the Microsoft Windows 95, Microsoft Windows NT and Microsoft Windows 3.1x operating systems.

The exploit sent a string of OOB (out of band) data to the target computer on TCP port 139 (NetBIOS), causing it to lock up and display a "Blue Screen of Death". This did not cause any damage to, or change data on, the computer's hard disk, but any unsaved data would be lost.

The so called OOB simply means that the malicious TCP packet contained an Urgent Pointer. A rarely used field in the TCP header, used to indicate that some of the data in the TCP stream should be processed quickly by the recipient. Affected operating systems didn't handle the Urgent Pointer field correctly.

A person under the screen-name "arbooth" published his C source code for the exploit on June 7, 1997. With the source code being widely used and distributed, Microsoft was forced to create security patches, which were released a few weeks later.

[edit] See also

• Nuke (computer)

[edit] External links

• WinNuke Relief Page
• Article on a more recent variation of WinNuke (Published: 10/2/02)
• WinNuke Vulnerability Test