Newtear
Description of Newtear
This DoS attack affects Windows 95 and Windows NT 4.0 machines.
The Newtear attack is a modified version of the Teardrop attack that appeared on the Internet approximately eight to nine months ago. Newtear exploits a problem with the way the Microsoft TCP/IP stack handles certain exceptions caused by malformed UDP header information. Such header information does not occur in properly formed TCP/IP packets; it must be generated deliberately by a program with malicious intent.
Symptoms of Attack
When a Windows NT or Windows 95 machine receives one of these malformed UDP packets, the operating system crashes or hangs. In most cases, users will see the Blue Screen of Death, which indicates that the system is in panic mode. While this attack is not harmful to a target machine in and of itself, any unsaved data in applications open at the time of the attack will almost certainly be lost. A simple reboot is usually sufficient to recover completely from the Newtear attack.
How can I fix this vulnerability?
The fix for this vulnerability is to patch all vulnerable machines. Patches for Windows NT 4.0 and Windows 95 are available.
Where can I read more about this?
You can read more about the Newtear attack, and other Out-Of-Band attacks, at Microsoft's Modified Teardrop Attack page. Also, visit Microsoft's Newtear2 page for more information about this vulnerability. Other good sources of information include IRChelp and EFnet's mIRC Nuke Information page. For technical information and the source code for the Newtear program, visit Rootshell.
To keep abreast of existing and emerging Denial of Service attacks, and other security threats, visit the Microsoft Security Advisor, the Windows Central Bug Site, and/or CERT. If information on a specific attack is not yet available on these sites, keep checking back, as they are updated frequently.