Bonk
Description of Bonk
This DoS attack affects Windows 95 and NT machines.
The Bonk attack is a variation of the now infamous
Teardrop
attack, and works much like the
Boink attack,
although it does not allow UDP
port ranges. The Bonk attack manipulates a field in
TCP/IP
packets, called a fragment offset. This field tells a computer how to reconstruct a
packet
that was broken up (fragmented), because it was too big to transmit in a whole piece. By
manipulating this number, the Bonk attack causes the target machine to reassemble a
packet that is much too big to be reassembled. This causes the target computer to crash.
A simple reboot is usually sufficient to recover from this attack. It is possible that unsaved
data in applications open at the time of attack will be lost.
Symptoms of Attack
When a Bonk attack is directed at a Windows 95 or NT machine, the usual result is that
the machine will crash (the Blue Screen of Death). In some cases, though, affected machines
will reboot.
How can I fix this vulnerability?
The fix for this vulnerability is to install a patch, available from
Microsoft. You will find patches
for Windows NT 3.51/4.0 and Windows 95 at the site provided above. Also, you may visit the
Nuke Patches page for patches and information
related to securing your site against various Denial of Service attacks.
Where can I read more about this?
For more information on the Bonk Denial of Service attack, visit Microsoft's
Newtear2 page. Or, visit
IRChelp for information
on Bonk and other attacks. Find the Bonk program's source code at
Rootshell's Bonk page.
To keep abreast of existing and emerging Denial of Service attacks, and other security threats,
visit the Microsoft Security Advisor, the
Windows Central Bug Site,
and/or CERT.