bonk attack

Read those URL’s;
http://www.dslreports.com/forum/remark,3303025

The Bonk attack is a variation of the now infamous Teardrop attack, and works much like the Boink attack, although it does not allow UDP port ranges. The Bonk attack manipulates a field in TCP/IP packets, called a fragment offset. This field tells a computer how to reconstruct a packet that was broken up (fragmented), because it was too big to transmit in a whole piece. By manipulating this number, the Bonk attack causes the target machine to reassemble a packet that is much too big to be reassembled. This causes the target computer to crash. A simple reboot is usually sufficient to recover from this attack. It is possible that unsaved data in applications open at the time of attack will be lost.
The “Bonk" attack, a modified version of the Tear Drop exploit program, is the most recent attacks against hosts. This attack involves the perpetrator sending corrupt UDP packets to port 53 (DNS).

So it appears she was the victim of an attempt of Denial of Service attack (DoS), from Bonk.c on someone’s machine. It could be just a coincidence that she was on Yahoo chat/IM at the time. You didn’t mention her operating system. If she’s on Win95 or NT, she’s particularly vulnerable to this, as they have holes that Bonk.c exploits, but I’ve seen a site with a patch for it in the second link I gave above.

http://archive.networknewz.com/networknewz-10-20041201DenialOfServiceAttack.html

Teardrop: The culprit sends two fragments that cannot be reassembled properly by manipulating the offset value of the packet and cause a reboot or halt of the victim’s system.

Bonk: This attack usually affects Windows OS machines. The culprit sends corrupted UDP Packets to DNS port 53. The system gets confused and crashes.

Boink: This is similar to the Bonk attack; accept that it targets multiple ports instead of only 53.

發表迴響