Sping Attack..What you should Know File Information was obtained from http://www.darkening.com/ssping ==================================== What is it? SSPING/Jolt is a program which effectively will freeze of almost any Windows95 or Windows NT connection. It's based on old code which freezes old SysV and Posix implementations. It works basically by sending a series of spoofed & fragmented ICMP packets to the target, which build up to be a 64k ping, and Windows95/NT then ceases to function altogether. Who does it effect? This will affect almost all Windows95, Memphis and WindowsNT boxes which are not behind a firewall which blocks ICMP packets. We have heard reports of some computers not being effected however. This will also affect old MacOS machines too, and it's possible it is also useful against old SysV/POSIX implementations. Anyone who plays Quake or uses IRC has probably encountered an ssping/freeze attack before, and is encouraged to patch themselves. Why is this happening? I think the root of the problem is that Microsoft seems to always code via RFC, and doesn't write handlers for the "What if someone sends me something invalid" possibility. This is not the first time Windows95 or NT has had problems with ICMP, and if you would like to read the technical details, as well as look at the source code for Jolt, click here. How can I protect myself? We have some patches and information available here. A bugfix has been posted by Microsoft for NT4.0 I still haven't seen a Win95 or NT4 Workstation patch yet. Check this site for updates!