Boink
Description of Boink
This DoS attack affects Windows 95 and NT machines. The Boink attack is the reverse of the now infamous Teardrop attack, and is an improvement on the Bonk DoS program, in that it allows UDP port ranges.
The Boink attack manipulates a field in TCP/IP packets, called a fragment offset. This field tells a computer how to reconstruct a packet that was broken up (fragmented) because it was too big to transmit in a whole piece. By manipulating this number, the Boink attack causes the target machine to reassemble a packet that is much too big to be reassembled. This causes the target computer to crash.
This attack has not been shown to cause any significant damage to systems, and a simple reboot is the preferred remedy. It should be noted, though, that while this attack is considered to be non-destructive, it could cause problems if there is unsaved data in open applications at the time that the machine is attacked. The primary problem with this is a loss of data.
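An added example, not part of the original page or of any vendor patch: the fragment-offset sanity check a reassembler or packet filter can apply, dropping fragments whose offset plus length would exceed the 65535-byte IPv4 maximum. The overlap check goes beyond what this page describes; the function names and the sample packets (documentation addresses 192.0.2.x) are constructed for illustration.

```python
import struct

MAX_DATAGRAM = 65535  # largest total length an IPv4 datagram can carry

def parse_fragment(pkt):
    """Return (flow key, header len, data start, data end, more-fragments flag)."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    vihl, _, total, ident, frag, _, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", pkt[:20])
    ihl = (vihl & 0x0F) * 4
    if vihl >> 4 != 4 or ihl < 20 or total < ihl:
        raise ValueError("malformed IPv4 header")
    start = (frag & 0x1FFF) * 8          # fragment offset counts 8-byte units
    return (src, dst, proto, ident), ihl, start, start + total - ihl, bool(frag & 0x2000)

def check_fragments(packets):
    """Return (index, reason) for every fragment a reassembler should drop."""
    seen, findings = {}, []
    for i, pkt in enumerate(packets):
        try:
            key, ihl, start, end, more = parse_fragment(pkt)
        except ValueError as exc:
            findings.append((i, str(exc)))
            continue
        if start == 0 and not more:
            continue                      # ordinary unfragmented packet
        if ihl + end > MAX_DATAGRAM:
            findings.append((i, "reassembled size exceeds 65535 bytes"))
        elif more and (end - start) % 8:
            findings.append((i, "non-final fragment length not a multiple of 8"))
        elif any(start < e and s < end for s, e in seen.get(key, [])):
            findings.append((i, "overlaps an earlier fragment"))
        else:
            seen.setdefault(key, []).append((start, end))
    return findings

def sample(ident, offset_units, payload_len, more):
    """Constructed test input: header plus zero-filled payload, built in memory only."""
    frag = (0x2000 if more else 0) | offset_units
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident, frag,
                       64, 17, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + bytes(payload_len)

SAMPLES = [
    sample(1, 0, 1480, True), sample(1, 185, 520, False),    # well-formed pair
    sample(2, 0, 1480, True), sample(2, 8190, 1480, False),  # offset past the 64 KB limit
    sample(3, 0, 32, True), sample(3, 3, 16, False),         # second fragment overlaps first
]
```

Calling check_fragments(SAMPLES) flags the fragments at indexes 3 and 5 and accepts the well-formed pair.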
Symptoms of Attack
When a Boink attack is directed at a Windows 95 or NT machine, the usual result is that
the machine will crash (the Blue Screen of Death). In some cases, though, affected machines
will reboot.
How can I fix this vulnerability?
The fix for this vulnerability is to install a patch, available from Microsoft. You will find patches for Windows NT 3.51/4.0 and Windows 95 at the site provided above.
Where can I read more about this?
For more information on the Boink Denial of Service attack, visit Microsoft's Newtear2 page. Or, visit Puppet's Place for information on Boink and other attacks. For in-depth technical information and source code for the Boink program, visit Rootshell's Boink page. To keep abreast of existing and emerging Denial of Service attacks, and other security threats, visit the Microsoft Security Advisor, the Windows Central Bug Site, and/or CERT.