Intrusion Prevention



This signature indicates that the system is under a WinNuke attack.

A WinNuke attack is a Denial-of-Service attack that affects old Windows systems (Windows 95, NT and 3.11). Old Windows systems with the OOB (Out-of-Band) bug don't know how to handle OOB data in TCP and exhibit odd behavior, ranging from a lost Internet connection to a system crash.

Attackers usually use the WinNuke program to connect to the target host via port 139 (other ports are also vulnerable if they are open). The program then sends OOB data to the target host and crashes the system.
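
The traffic pattern described above can be recognized from packet headers alone. The following added example (not part of the original page and not Fortinet's signature logic) parses raw IPv4/TCP headers and flags segments that carry the URG flag, which is how TCP marks OOB data, toward port 139. The function names, the watched-port set and the sample packets are assumptions constructed for illustration.

```python
import struct

URG = 0x20             # TCP URG flag bit: marks urgent (out-of-band) data
WATCHED_PORTS = {139}  # port named in the text; extend for other exposed ports


def build_packet(dst_port, flags, urg_ptr, payload=b""):
    """Constructed IPv4+TCP sample packet (checksums left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", 40000, dst_port, 1, 1, 5 << 4, flags,
                      8192, 0, urg_ptr) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return ip + tcp


def inspect(packet, watched=WATCHED_PORTS):
    """Return an alert dict for a TCP segment with URG set to a watched port."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                      # truncated or not IPv4
    ihl = (packet[0] & 0x0F) * 4
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if ihl < 20 or packet[9] != 6 or frag_offset != 0:
        return None                      # bad header, not TCP, or later fragment
    if len(packet) < ihl + 20:
        return None                      # TCP header truncated
    (_sport, dst_port, _seq, _ack, offset, flags,
     _win, _csum, urg_ptr) = struct.unpack("!HHIIBBHHH", packet[ihl:ihl + 20])
    data_offset = (offset >> 4) * 4
    if data_offset < 20:
        return None                      # malformed TCP data offset
    if flags & URG and dst_port in watched:
        return {
            "src": ".".join(map(str, packet[12:16])),
            "dst": ".".join(map(str, packet[16:20])),
            "dst_port": dst_port,
            "urgent_pointer": urg_ptr,
            "payload_len": max(len(packet) - ihl - data_offset, 0),
        }
    return None


if __name__ == "__main__":
    samples = [
        build_packet(139, 0x38, 3, b"bye"),   # URG|PSH|ACK to 139: flagged
        build_packet(139, 0x18, 0, b"data"),  # PSH|ACK only: normal traffic
        build_packet(80, 0x38, 1, b"x"),      # URG to an unwatched port
    ]
    for pkt in samples:
        print(inspect(pkt))
```

URG is legitimate in some protocols (Telnet, for example), so a match on the flag alone is a candidate for review rather than proof of an attack; restricting the watched set to ports that should never see urgent data keeps false positives down.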

Affected Products

Systems connected to the Internet running Windows 3.11, Windows 95 OSR2 and earlier, WinNT 4.0 SP3 and earlier.


The system under attack will most likely disconnect from the network or Internet. In most cases, the system will crash and the user will see the blue screen. The system will not sustain permanent damage from the attack, and a simple reboot will suffice to recover. However, unsaved data might be lost.

Recommended Actions

If a FortiGate with FortiOS 2.80 or above is used, select Reset as the default action for the signature.
