Bonk Denial of Service Attack
The information on this page may be obsolete. For the current documentation, please log into the mySAINT portal using your customer login and password.Description of Bonk
This DoS attack affects Windows 95 and NT machines.The Bonk attack is a variation of the now infamous Teardrop attack, and works much like the Boink attack, although it does not allow UDP port ranges. The Bonk attack manipulates a field in TCP/IP packets, called a fragment offset. This field tells a computer how to reconstruct a packet that was broken up (fragmented), because it was too big to transmit in a whole piece. By manipulating this number, the Bonk attack causes the target machine to reassemble a packet that is much too big to be reassembled. This causes the target computer to crash. A simple reboot is usually sufficient to recover from this attack. It is possible that unsaved data in applications open at the time of attack will be lost.
Symptoms of Attack
When a Bonk attack is directed at a Windows 95 or NT machine, the usual result is that the machine will crash (the Blue Screen of Death). In some cases, though, affected machines will reboot.How can I fix this vulnerability?
The fix for this vulnerability is to install a patch, available from Microsoft. You will find patches for Windows NT 3.51/4.0 and Windows 95 at the site provided above. Also, you may visit the Nuke Patches page for patches and information related to securing your site against various Denial of Service attacks.Where can I read more about this?
For more information on the Bonk Denial of Service attack, visit Microsoft's p Newtear2 page. To keep abreast of existing and emerging Denial of Service attacks, and other security threats, visit the Microsoft Security Advisor, the Windows Central Bug Site, and/or CERT.