Nuke Information

What will be presented here is information on "nuking", which occurs on Battle.net, ICQ, IRC and other systems where several people can communicate with each other. Inevitably someone will be angered and will then "nuke" someone else. This information is here to allow you to determine if you are being nuked and what, if anything, you can do to prevent it.

This part of my site is not entirely mine. The following people have performed an incredibly daunting task in gathering information and presenting it in a way that everyone can understand. If you have more in-depth questions about the information presented here, please visit their sites and contact them. Thanks, appreciation and respect go out to:

Information Sources

Jolo and the Denial of Service/Nuke Attacks Page
GreyFoxx and his Nuke Patches Page
Steve Jenkins and Jenesys LLC at the Winfiles.com Bugs and Fixes
Malachi Kenney and his Ping of Death Page or alternate URL http://prospect.epresence.com/ping

Test your Windows OS for open ports and overall vulnerability with "Shields Up"

Operating System Attacks

These attacks exploit bugs in a specific operating system (OS), which is the basic software that your computer runs, such as Windows 95 or MacOS. As of this date, the latest versions of many popular operating systems are already safe against these attacks, including Windows 98, MacOS 8, and Linux.

To effectively patch against nukes and pings, Winsock sometimes has to be updated. Learn how to do this here.

Windows 95/NT Nuke Patches

If you're using Windows 95 or NT, see the EFnet #mIRC nuke information page for step-by-step directions to defend against these "classic" nukes: newtear, land, teardrop, ssping, and winnuke. Note that Windows 98 is immune to these attacks.

Networking Attacks

These attacks exploit general, inherent limitations of networking, such as by overwhelming your modem's finite bandwidth with a flood of data, or tricking you into breaking your own connection. If you are susceptible to such attacks, it won't matter what kind of operating system you use. These attacks can disconnect you from the IRC server or your Internet Service Provider (ISP), but cannot cause your computer to crash. The attacks include click (or spoofed unreach/redirect), ICMP flood, and smurf. To learn more about these types of attacks, go to http://mirc.stealth.net/nuke

 

Types of Nukes

"BONK"

 

Aliases/variants: boink, newtear, teardrop2

Affects: Windows 95 / NT4

Symptoms: Blue screen freeze and crash. If you have been patched since 12/97 against the other nukes below and as of 1/98 suddenly started to get the blue screen, you're probably being "bonked".

Patches: Microsoft just released a new patch for Win 95 winsock 2 that covers this attack (after nearly 2 months!). Patches already exist for Win NT4 and Win 95 Winsock 1 at the #mIRC nuke information page.

For more info: See Microsoft's bulletin last updated in late February.

 

"LAND"

 

Affects: Windows 95 / NT / 3.11, many others

Symptoms: Freeze and crash. You're probably being "landed" if you were nuke-safe until mid-November or if you're already patched against the other nukes.

Patches: Windows 95/NT, see the Operating System Attacks in Introduction at http://mirc.stealth.net/nuke

For more info: See the excellent article from Wired News.

 

"TEARDROP"

 

Aliases/variants: tear, TCP/IP fragment bug, overlapfrag bug

Affects: Windows 3.1/95/NT, Linux (before 2.0.32 and 2.1.63)

Symptoms: Immediate crash or reboot. If you know you're safe against "winnuke" and "ssping" below and you still crash, you are probably suffering from either "land" or "teardrop". If you just get disconnected it's probably "click".

Patches:

    • Windows 95/NT: see Operating System Attacks in Introduction.
    • Linux: upgrade to 2.0.32 / 2.1.63 or later.

For more info: Visit the teardrop page at Windows Central.

"CLICK"

 

Aliases/variants: [the original] nuke, ICMP nuke, ICMP_REDIRECT or ICMP_DEST_UNREACH spoof, WinNewk/WinNewk-X

Affects: All IRC users. Can be used against any TCP connection if no filtering is used.

Symptoms: Disconnection from IRC server, but your TCP/IP stack (Winsock) and modem connection are both fine, no crash or reboot. Windows users will usually quit with the message "Connection reset by peer." Other common quit messages are Connection refused, Operation timed out, and Host unreachable, depending on which end of the connection (server or client) is attacked.

Patches: If they attack the server, as they often do, there is nothing you can do to stop that. If they attack your client, there is normally no defense for standalone computers, although a so-called "personal" firewall product for Windows does stop these attacks (see Networking Attacks in Introduction).

 

"SSPING"

 

Aliases/variants: jolt, sPING, ICMP bug, IceNewk, "Ping of Death".

Affects: Windows 95 / NT, and many others!

Symptoms: Computer locks up, usually requiring a reboot (reset switch such as ctrl+alt+del doesn't work). After restart, computer runs as usual.

Patches:

For more info: See the winnuke pages at Windows Central and winfiles.com.
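
The "overlapfrag" alias in the TEARDROP entry and the "Ping of Death" alias in the SSPING entry both describe malformed sets of IP fragments. As an added example (not from this page or its sources), here is a defender-side check that a filter or log reviewer could run on fragment header fields before reassembly. The Frag record layout, the sample values and the 20-byte header size are assumptions made for illustration.

```python
from collections import defaultdict, namedtuple

# One IPv4 fragment as seen by a filter: identification value, payload
# offset in bytes, payload length in bytes. (Hypothetical record layout.)
Frag = namedtuple("Frag", "ident offset length")

MAX_DATAGRAM = 65535  # largest total length an IPv4 datagram can have
IP_HEADER = 20        # assumed header size, no IP options


def check_fragments(frags):
    """Return sorted findings for fragments sharing one ident."""
    findings = set()
    covered_to = 0  # end of the payload bytes seen so far
    # set() drops exact duplicates, which can occur without any attack
    for f in sorted(set(frags), key=lambda f: (f.offset, f.length)):
        end = f.offset + f.length
        if IP_HEADER + end > MAX_DATAGRAM:
            findings.add("reassembled size exceeds 65535 bytes")
        if f.offset < covered_to:
            findings.add("overlapping fragments")
            if end <= covered_to:
                findings.add("fragment lies entirely inside earlier data")
        covered_to = max(covered_to, end)
    return sorted(findings)


def check_stream(frags):
    """Group by ident (real stacks also key on addresses and protocol)."""
    groups = defaultdict(list)
    for f in frags:
        groups[f.ident].append(f)
    return {ident: check_fragments(g) for ident, g in groups.items()}


# Constructed sample: ident 1 is a normal 3-fragment datagram, ident 2 has a
# second fragment starting inside the first, ident 3 ends past 65535 bytes.
SAMPLE = [
    Frag(1, 0, 1480), Frag(1, 1480, 1480), Frag(1, 2960, 520),
    Frag(2, 0, 40), Frag(2, 24, 8),
    Frag(3, 0, 1480), Frag(3, 65528, 1480),
]

if __name__ == "__main__":
    for ident, findings in check_stream(SAMPLE).items():
        print(ident, findings or "ok")
```

A filter that drops any fragment set with findings protects an unpatched host behind it, which is the role the page assigns to the patches.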

 

"WINNUKE"

****This is probably the most common attack on Battle.net****

Aliases/variants: Windows OOB bug.

Affects: Windows 95 / 3.11 / NT (Please note that Windows 98 is not affected)

Symptoms: "Blue Screen" (virtual device driver) error. Computer usually recovers, but Internet connection doesn't, requiring reboot (usual shutdown procedure should work). May also cause computer to lock up.

Patches:

  • Win95/NT: see Operating System Attacks in Introduction. Windows 98 is already protected.
  • Win 3.1x (courtesy of Tjerk Vonck). What to do:
      • Find SYSTEM.INI on the boot drive of your computer.
      • Directly under the caption [MSTCP] in SYSTEM.INI, insert this line:
        BSDUrgent=0

For more info: See the winnuke pages at Windows Central and winfiles.com.

 

"ICMP FLOOD"

 

Aliases/variants: ping flood, ICMP_ECHO flood

Affects: all modem connections

Symptoms: Modem lights go berserk indicating overflow of information, Internet applications get very slow, after 15-60 secs you get disconnected (from your server or even your provider). Everything is fine after reconnect (unless you get flooded again), no crash or reboot.

Patches: There are no patches available or possible, since this attack directly exploits the low capacities of your modem. For more information, see the firewall section of Networking Attacks in Introduction.

 

"SMURF"

Affects: whole provider or IRC server

Symptoms: Imagine ICMP flooding for an entire provider or server. Everybody connected gets bogged down and kicked off, attack can last for hours or days.

Patches: There is nothing you can do to defend yourself, but if you do have any information on who is doing the attack, contact the admins at your ISP or IRC server (whichever is being attacked). Again, no personal firewalls can protect you.

For more info: See the winnuke pages at Windows Central and winfiles.com.

All of the preceding information is simply that... information. Battle.net in and of itself is very unstable, and just because you crash out or have difficulty connecting does not mean you are being nuked. Again, remember that nuking someone is a Federal Crime and is not worth the trouble you can find yourself in.

Stalker