1. Not Euph.-related
- Posted by Frank Atry <suprsngr at EARTHLINK.NET>, Jul 01, 1998 (last edited Jul 02, 1998)
Alan:
I posted this question to see if anyone would want to write a "firewall" or a
"patch" program in Euphoria against the many ways in which certain
hackers/crackers/pranksters (i.e., criminals) can boot (usually) a PC (Macs
are more secure in this regard) out of a chat room or off-line completely.
(Note: Euphoria may not be the most suited language for this purpose; you guys
would know that better.) But, essentially these "nuke" programs work in one of
several ways. One program called "WinNuke" (there are other similar ones, such
as Boink, Bonk, Land, IceNuke, TearDrop) takes advantage of a bug in the
Windows 95 TCP/IP structure by delivering out-of-band (OOB) data to Windows
(most often) through Port 139, thus "confusing" Windows and basically freezing
it. The result is the familiar blue screen with an Exception Error 04. Other
programs "kill" you by flooding your modem, a technique also referred to as
smurfing or spoofing. Without getting too technical, smurfing or spoofing
takes advantage of a little-known fact that you can get a magnified "echo
effect" off a single "ping" directed at a single recipient's IP address due to
the present (and faulty/buggy) nature in which hosts and servers are connected
to each other on the Internet. The result is a massive flooding of the
victim's ports, resulting in an ICMP error or a "host-unreachable" error
message.
Anyway, my purpose was not to generate a discussion on the various perils of
going into chat rooms, but rather to see if Euphoria could be deployed in a
defensive fashion in this area. But, since you asked...
Regards,
Frank
Hawke wrote:
> Alan Tu wrote:
> >
> > RE: What's nuking?
> > I've never had this experience, then again I don't chat over the Web. It
> > sounds like nuking is the flooding of the line to your modem. I can
> > imagine the consequences.
>
> actually you may have been nuked and not known what caused that 'crash'
> that ever so randomly appeared.
> Nuking can happen to anyone connected to the web over a SLIP/PPP line.
> it's not the sending of large amounts of data in an attempt to overload
> anything. it's more commonly a 'loophole' exploiter. there are certain
> devious, yet ingenious methods of packet corruption that can be sent
> down your tcp/ip pipeline. remembering that all data sent via the net
> is 'packetized', that is your message (email, zipped game...whatever)
> is divided into (most commonly) 512 byte snippets, or little data
> bundles.
> these snippets/packets are then given individual headers. headers are
> little guide maps for each packet. they contain routing information for
> the packet to arrive at the same place as its brethren. the headers
> also contain information needed by the decoding software (eudora,
> netscape, winzip...etc) to reassemble these fragments of the original
> file/data
> into its former glorious self. side note: voice over the net. the
> reason its so hard to make games or voice or music sound good over the
> net is this packetizing business... the end of a file (song?) can
> actually arrive _before_ the beginning, owing to internet lag.
> ever watch the statistics on RealAudio(tm) streaming audio playing
> your fav tune? watch the lost packet and out of order stats.
> real time and packetizing were never meant to shake hands and be
> friends.
> onwards. nuking exploits bizarre programming oversights (bugs?) in
> the way the original spec. for tcpip headers. imagine sending someone
> a file via tcpip, but you maliciously insert into one of the packet's
> headers that this particular header is -1 bytes length... (just
> an example folks)... well if your machine can't error check for that
> weirdness... boom ... random _appearing_ crash... it looks like
> netscape just did one of its infamous crashes...
>
> note: this is a very simplistic, sorta technically accurate description.
> i fudged a bit to make it easier to absorb this knowledge...
> more than enough purely technical, extremely high-brow, white papers
> exist in various internet FAQs
>
> hope this helps
> take care --Hawke
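
Added example, not part of the original posts: a defensive sanity check of the kind the thread asks about, which rejects a packet whose length fields disagree with the bytes actually received (the "-1 length" case) and flags TCP urgent data aimed at port 139. The function names, the sample packets, and the mapping of "OOB data" to the TCP URG flag are assumptions made for this sketch.

```python
import struct

NETBIOS_SSN = 139  # port named in the post
TCP_URG = 0x20     # TCP urgent flag; assumed here to be how the OOB data is marked

def check_ipv4(buf):
    """Return a list of reasons to drop buf; an empty list means it passed."""
    if len(buf) < 20:
        return ["truncated IPv4 header"]
    ver_ihl, _tos, total_len = struct.unpack("!BBH", buf[:4])
    proto = buf[9]
    if ver_ihl >> 4 != 4:
        return ["not IPv4"]
    ihl = (ver_ihl & 0x0F) * 4
    if ihl < 20 or ihl > len(buf):
        return ["bad IP header length %d" % ihl]
    # A "-1" written into this unsigned 16-bit field reads back as 65535.
    if total_len < ihl or total_len > len(buf):
        return ["total length %d inconsistent with %d bytes received" % (total_len, len(buf))]
    problems = []
    if proto == 6:  # TCP
        tcp = buf[ihl:total_len]
        if len(tcp) < 20:
            return ["truncated TCP header"]
        dport = struct.unpack("!H", tcp[2:4])[0]
        data_off = (tcp[12] >> 4) * 4
        if data_off < 20 or data_off > len(tcp):
            problems.append("bad TCP data offset %d" % data_off)
        # Heuristic: urgent data to the NetBIOS session port is flagged for dropping.
        if tcp[13] & TCP_URG and dport == NETBIOS_SSN:
            problems.append("URG (OOB) data to port 139")
    return problems

def sample_packet(dport=80, flags=0x18, total_len=None, payload=b"hi"):
    """Constructed IPv4/TCP packet; checksums are zero because nothing here verifies them."""
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 1, 1, 5 << 4, flags, 8192, 0, 0) + payload
    length = 20 + len(tcp) if total_len is None else total_len
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, length, 1, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + tcp

if __name__ == "__main__":
    for name, pkt in [("normal", sample_packet()),
                      ("length -1", sample_packet(total_len=0xFFFF)),
                      ("URG to 139", sample_packet(dport=139, flags=0x38))]:
        print(name, check_ipv4(pkt) or "ok")
```

The checker only inspects bytes handed to it; wiring it to a live interface or a capture file is left to whatever packet source is in use.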