Hey , I'm Ben or better known as frogeye in IRC.I
normally hang out in Webbernet and Dalnet at #linux.First of all..a big
thanx for dropping by.I'm glad that you've found yer way in ere and i promised
u won't be disappointed.A brief introduction 'bout my homie.I started doin
this page of mine after i've received many complaints frm my irc friends
saying they have been nuked and they need some neat proggies to retaliate.So..i've
decided to put up a page bout nuking and stuff along with some proggies
and patches to keep them safe from nuking while having fun nuking back
:).I will be constantly updating this homie with the latest news and nuking
proggies..so be sure to bookmark this page !!.Still dunno what nuking is
all about..read on :)
The term "nuke" is now generally used to describe many forms of "Denial of Service" attacks against computers connected to the Internet, causing the computer to disconnect or crash. Often the victims are people on Internet Relay Chat (IRC), but nuking is not part of IRC, so you can't get back at these people through IRC, nor can IRCops sanction them. The attackers are usually prepubescent idiots who think it's all a fun prank, so try not to take it personally and just get yourself the appropriate defensive patches.I've collected below the most up to date information available on all forms of attacks. There are constantly new attacks popping up. Bookmark and reload this page to be sure you get the latest version.
New and confused?
Don't panic. We will walk you through the process step by step, and you really need to learn to do this unless you want to put up with the constant attacks or get off the Internet entirely. Just follow the directions in the News section below to protect yourself against most attacks.Reporting Nukes
Read this to learn about your options for reporting abusers or seeking revenge!
Defenses for Windows 95/NT against older nukes!
For step by step directions to defend against the older nukes known as land, teardrop, ssping, and winnuke, see the EFnet #mIRC nuke information page (not affiliated with this site). These guys may not be the first to break the news, but they always provide the most complete, latest fixes that they have tested to make sure everything actually works.New attacks: bonk and SMB
There are 2 major new attacks in the past few months. Each is described in detail in our information page (just click on the name of the attack below to jump there). Briefly here is the status for each.
- bonk / boink / newtear / teardrop2
- This has been plaguing IRC since January, and things got worse in early March with widespread attacks against whole institutions (particularly .gov and .edu sites). Microsoft released a new patch for Win 95 winsock 2 that covers this attack (after nearly 2 months!).
- Server Message Block (SMB) logon attack
- This attack has also been used in widespread attacks recently. It causes Win NT to hang or restart. See the Microsoft help page for information and patches.
Firewall protection against all nukes?
Tired of all these nukes? Providers can set up a firewall security barrier to block attacks while allowing you to access the Internet. Ask your provider to protect you, or else take your business elsewhere! You cannot set up your own firewall just by turning on mIRC's SOCKS firewall options - those just allow you to configure mIRC to use your provider's existing firewall.
The following nukes are described in detail on a separate information page. They are listed in approximately reverse chronological order (most recent attacks first): Windows 95/NT users should first read the News section above which will show you a series of steps that will protect you against the most common nukes.Macintosh users should rejoice - unlike the bug-riddled Windoze, MacOS is impervious to most nukes. Be sure you're using OpenTransport (not MacTCP) under MacOS 8.x and you should be safe.
One way to get back at those who attack you is to log and report the attacks. There are several options for tracing attacks, described below:p.s > got nuked recently? Fret not..just send me a mail about the attacker's nick and the exact channel and server...i'l try and see if i can help.Any questions or suggestions can be forwarded to [email protected]Note: Some attacks actually can exploit these monitoring utilities to crash your computer. See the News section first before running any of these.
- scanicmp.bat:
- Shift-click on the link and save it to somewhere on your disk, or else it will just open up as a text file in your browser. This little "batch" file will run the DOS command "netstat" to scan who is hitting you at that instant. This is good if you know you are being attacked and your machine hasn't crashed yet.
- ICMP Watch:
- This small utility runs continuously in the background and logs everything sent to your machine. This is useful because some nukes are just one quick attack that immediately crash you, so by then it's too late to run scanicmp.bat above. The disadvantage is that it logs everything, even legitimate communications such as from your IRC server, so you need to sift through long log files to find the real culprits.
- plisten:
- This application listens for incoming connections on a single port. It's especially good for the winnuke attack (it's set by default to port 139), it will log the attacker's address to a file and you can also set it up to play a sound file to notify you that someone's gunning for ya.
- NukeNabber:
- This program is similar to ICMP Watch above, in that it sits in the background and monitors potential attacks. It goes one step further, however, for users of the Windows IRC client mIRC. If it detects an attack, it will try to find the nickname of the attacker, and if that person is on your channel, automatically kick and ban him.
Note: NukeNabber only works with NT/95, not 3.1x. NukeNabber requires Winsock 2 for Win95 users (Windows NT users don't need and should NOT install Winsock 2).