Denial of Service Attacks
Protect yourself against amateur "hackers" who long ago discovered an easy and cheap way to zap you off the Internet and piss you off. It's called "WinNuke," and is done by running a program that exploits a large bug in Win95/NT's networking system, allowing them to bomb your system with extraneous gunk, crashing your computer and forcing you to restart. Two of the WinNuker's favorite hangouts are America Online and the chat program ICQ, but they can target you from any of a zillion Web sites or other ISP's as well. The program is freely available on the Internet, can most likely be turned up by a simple search on any major search engine, and is easy for anyone with a Unix account to run. (Other programs like mIRC scripts allow the zapper to go through an entire IRC channel and nuke everyone at once. Fun, huh?) Well, there's an easy solution. Go through Microsoft's Web sites and download two patch files, VIPUP11.EXE and VCTPUPD.EXE. (The Web site addresses are as follows:
support.microsoft.com/download/support/mslfiles.Vipup.exe and ...vctpupd.exe, where the rest of the URL is the same as the VIPUP address. Download 'em both to a temporary folder. Double-click the VIPUP11.EXE icon, let it install itself, then do the same to the VCTPUPD.EXE icon. Restart your computer. (Make sure you install the two in this order; installing them backwards wipes out VCTPUPD.) Now, update your Winsock connection by installing the two Winsock updates in the "Updates" section below. Delete the four original downloads from your hard disk, and prepare to sneer at the little WinNukers.
Don't get too happy now that you've inoculated yourself against the nukers. Several other "denial-of-service" (DoS) attacks similar to WinNuke are making Net users grind their teeth. One called "The Ping of Death" and a cousin, "Teardrop," exploit known holes in TCP/IP implementation, as does the "SYN" attack and its mutant cousin, "Land." The "Smurf" attack targets your Internet protocols directly and causes major net congestion, while the "UDP Flood" uses the widely accepted User Datagram Protocol to flood LANs and PCs with useless data. The good news: Most problems generated by these beasties are experienced by networked PCs who belong to targeted LANs. The home user isn't seeing these very often. Still, forewarned is forearmed; check out the good people at www.cert.org at Carnegie Mellon University for the latest info about these critters and how to shield yourself from them. Also look into Microsoft's security site at www.microsoft.com/security.
More about security: it's absurdly easy for amateur hackers to invade your PC over the net, root around in your files, even reformat your hard drive. Yeesh. Get a quick security check from ShieldsUP! at grc.com/default.htm. You'll need to download a very small program which, after you connect to the Internet, allows the ShieldsUP site to probe your computer for security breaches. Are they trustworthy? I hope so.... Anyway, this site contains tons of information on how to seal security breaches, firewalls, etc. etc., so it's worth a visit. Forewarned is forearmed. If you want to know just how easy legal hacking is, visit the Happy Hackers at www.happyhacker.org and be prepared to be shocked. These guys seem harmless, but there's plenty of people out there who aren't. Another site worth visiting is HackerWhacker, at www.hackerwhacker.com. HackerWhacker scans over 130,000 possible port addresses on your PC for security flaws and examines your Windows NetBIOS configuration. HackerWhacker's first scan is free, but subsequent uses cost $10 per scan (or you can pay $30/month for unlimited scans). Another place for free PC scanning is
www.pcflank.com/, and DSL Reports offers broadband scanning at www.dslreports.com/ Others that are useful can be found at
www.vulnerabilities.org/ and www.it-sec.de/vulchke.html.
