Re: AW: Winnuke

John Amery ( (no email) )
Mon, 12 May 1997 13:00:29 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Previous message: William Behrens: "(no subject)"
Next message: Dave Smith: "Re: Winnuke"
Maybe in reply to: Peter A. Sang: "AW: Winnuke"

The way Winnuke works is it sends OOB Data to port 139 of an NT or Win95
machine... now wether you have NetBios enabled or not it will crash you
computer because windows networking doesn't know how to handle OOB Data on
the NetBios port and crashes... so unless you run NetBios through your
router I would say that is the only safe way to block it....

Josh Perry
System Admin.
NetConnect
http://www.netcnct.net/
joshp@netcnct.net

----------
> From: Josh Hillman <admin-maillist@talstar.com>
> To: ntisp@emerald.iea.com
> Subject: Re: AW: Winnuke
> Date: Monday, May 12, 1997 6:42 AM
>
> > > Are you _sure_ about the ports? AFAIK NETBIOS uses 137/udp, 138/udp,
> > > 139/tcp ??
> > > Please correct me if I'm wrong, I'd like to setup filters soon...
> >
> > It is actually 137-139. You can look in your services file for them
> > as well.
>
>
> Obtained from RFC-1700 (http://ds.internic.net/rfc/rfc1700.txt):
>
> netbios-ns 137/tcp NETBIOS Name Service
> netbios-ns 137/udp NETBIOS Name Service
> netbios-dgm 138/tcp NETBIOS Datagram Service
> netbios-dgm 138/udp NETBIOS Datagram Service
> netbios-ssn 139/tcp NETBIOS Session Service
> netbios-ssn 139/udp NETBIOS Session Service
>
> Josh Hillman
> hillman@talstar.com
>
>
> ----------------------------------------------------------
> NTISP Mailing List listserver@emerald.iea.com

Previous message: William Behrens: "(no subject)"
Next message: Dave Smith: "Re: Winnuke"
Maybe in reply to: Peter A. Sang: "AW: Winnuke"