Nuke Information for Win95 users



There have been 2 new nukes on the scene in the last few weeks (Teardrop and Land) which are being used to freeze Windows users. The following steps will work to protect most users from Teardrop & Land, as well as the previous nuker favourites from the summer, Winnuke and ssping. Please remember these are TEMPORARY fixes and are NOT GUARANTEED TO WORK. They HAVE worked for myself and a few testers but that is no guarantee they will do anything except upgrade your system a bit :)

HAVE YOUR WIN95 INSTALLATION CD/DISKS available as some steps may require files from them.

It is essential you follow the following steps IN ORDER.

Step 1: Upgrade to Winsock 2 here (gotta love MS)
Step 2: Update to DUN 1.2 (Dial Up Networking) with this file, msdun12


Now You're Ready To Install the Nuke Patches



Step 1: Install vipup20.exe
Step 2: Install vtcpupd.exe
Step 3: The following step is required to "close" port 139 on your system.
It WILL cause trouble for anyone running a local network, as it
requires disabling NetBIOS (which handles file and printer sharing etc.).
This step is required to help protect yourself from "Land". As Land
requires an open port (any open port) to connect to in order to send the crash,
closing off port 139 leaves 1 less target for the nuker.

Rename C:\WINDOWS\SYSTEM\VNBT.386 to C:\WINDOWS\SYSTEM\VNBT.BAK
(In a DOS window type
ren c:\windows\system\vnbt.386 vnbt.bak

)
Final: Lastly, in order to protect from Land, as was stated in the previous step, you need
to close off all open ports. That means NO personal ftp, httpd or irc servers running, folks.
IF you have ANY of those running then you're vulnerable. All that needs to be done is to send
a single land nuke to the port they are running on and you're outa commission.

Most people do not realize that mIRC can have 3 ports open depending on your setup:
the Identd port, the DCC Server, and the Finger Server. These can be disabled by typing
/identd off
/dccserver off
and by going to the menu File/Options/Servers and unchecking the Finger Server box.

Now many (most) irc servers require you to have identd on in order to connect, so in theory
you could just have a little script such as:

on 1:start:{ identd on | dccserver off }
on 1:connect:{ .timer 1 3 identd off | dccserver off }
on 1:disconnect:{ identd on }

This would enable the ident server when you run mIRC or after you disconnect for any reason
and disable it 3 seconds after connecting to the server.

IF you still find yourself vulnerable to land after following ALL of the above IN ORDER
then I would suspect you still have a port open. Be sure that you're NOT running anything that
could be listening for a connection (i.e. ftp, http, irc servers and EVEN the various nuke "nabbers"
and other nuke "watchers", as they open the ports as well, so trash them for the time being :P).
Once you're sure of that, and you can't find any open ports, you're outa luck until an official patch
comes along.

Enjoy, GreyFoxx.


Download these files & install them IN THE ORDER SHOWN. Close out all other programs before installation, and reboot your system after you have completed ALL of the steps outlined above.
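
An added example (not part of GreyFoxx's original text): a small Python self-check that tries a TCP connect to your own machine on each service the steps above say to shut off, and reports any that are still listening. The port numbers are the usual defaults for those services and are assumptions; adjust them to your own setup.

```python
import socket

# Services the page says to shut off. Port numbers are the usual
# defaults (an assumption, not from the page); edit to match your setup.
WATCHED_PORTS = {
    21: "ftp server",
    59: "mIRC DCC server",
    79: "finger server",
    80: "httpd",
    113: "identd",
    139: "NetBIOS session (VNBT)",
    6667: "irc server",
}


def is_listening(port, host="127.0.0.1", timeout=0.5):
    """Return True if a TCP connect to host:port is accepted."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        # connect_ex returns 0 on success and an error code otherwise
        # (refused, timed out), so no exception handling is needed.
        return s.connect_ex((host, port)) == 0


def audit(ports=WATCHED_PORTS, host="127.0.0.1"):
    """Return {port: label} for every watched port still accepting connections."""
    return {p: label for p, label in sorted(ports.items())
            if is_listening(p, host)}


if __name__ == "__main__":
    still_open = audit()
    for port, label in still_open.items():
        print(f"OPEN  {port:>5}  {label}")
    if not still_open:
        print("No watched ports are listening.")
```

Run it once before the steps and once after the reboot; anything still reported as OPEN is a listener you have not shut down yet.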