WinNuke

from Wikipedia, the free encyclopedia

The term WinNuke refers to a remote denial-of-service (DoS) attack carried out over the network, to which the following Microsoft operating systems are or were vulnerable: Windows 95 (Version A), Windows NT and Windows 3.1x.

Sending a TCP packet with the URG flag set to TCP port 139 (NetBIOS, an active component of the operating system) results in a "blue screen" (the so-called blue screen of death) or causes the computer to restart. This exploit does not cause primary damage to the affected computer, but all unsaved data is lost when the system crashes.
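The packet property described above can be checked on the defensive side. The following is an added example, not part of the original article: it parses a raw IPv4/TCP packet and reports whether it is a segment to port 139 with the URG flag set. The function names and the sample packets are constructed for illustration, and treating every such segment as alert-worthy is an assumption of this example.

```python
import struct

NETBIOS_SSN_PORT = 139   # TCP port named in the article
TCP_FLAG_URG = 0x20      # URG bit in the TCP flags byte
IPPROTO_TCP = 6

def parse_tcp(packet: bytes):
    """Return (dst_port, flags, urgent_pointer) for an IPv4/TCP packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                          # too short or not IPv4
    ihl = (packet[0] & 0x0F) * 4             # IP header length; options make it > 20
    if ihl < 20 or packet[9] != IPPROTO_TCP:
        return None
    # Only the first fragment carries the TCP header.
    frag_off = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if frag_off != 0 or len(packet) < ihl + 20:
        return None
    _sport, dport, _seq, _ack, _off, flags, _win, _csum, urg = struct.unpack(
        "!HHIIBBHHH", packet[ihl:ihl + 20])
    return dport, flags, urg

def is_urg_to_netbios(packet: bytes) -> bool:
    """True when the packet is a TCP segment to port 139 with URG set."""
    parsed = parse_tcp(packet)
    if parsed is None:
        return False
    dport, flags, _urg = parsed
    return dport == NETBIOS_SSN_PORT and bool(flags & TCP_FLAG_URG)

def sample_packet(dport: int, flags: int, urg: int = 0, ip_options: bytes = b"") -> bytes:
    """Constructed input for the checks: headers only, checksums left at zero."""
    ihl_words = 5 + len(ip_options) // 4
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl_words, 0,
                     20 + len(ip_options) + 20, 0, 0, 64, IPPROTO_TCP, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20])) + ip_options
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 1, 1, 5 << 4, flags, 8192, 0, urg)
    return ip + tcp

if __name__ == "__main__":
    for name, pkt in [("URG to 139", sample_packet(139, 0x38, 3)),
                      ("no URG to 139", sample_packet(139, 0x18)),
                      ("URG to 445", sample_packet(445, 0x38, 3))]:
        print(name, "->", "ALERT" if is_urg_to_netbios(pkt) else "ok")
```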

What was special about WinNuke was that it was the first exploit to spread on a mass scale, and that programs were available that put the attack within easy reach. As a result, anyone could carry out the DoS attack, even without understanding the technology behind it (see script kiddies).

Historically, WinNuke was one of the first exploits for mass-market operating systems. After the vulnerability became known, Microsoft tried to publish patches for the affected operating systems and did not make the same mistake in the subsequent operating systems Windows 2000 and Windows XP. Nevertheless, it took a long time for users of the affected operating systems to install the patches, so they remained vulnerable to the exploit for a long time.

Today, WinNuke should no longer pose a threat, as the affected Microsoft operating systems are rarely used and are neither sold nor technically supported by Microsoft. In addition, most home users no longer establish a direct dial-up connection from their PC to the Internet, but instead use DSL routers, for example, which already act as a simple firewall through the use of NAT and discard the packets as long as the user has not explicitly set up port forwarding to their own system.

See also: Cracker (Computer), Hacker, Heap Overflow, Shellcode