COMMAND

    NukeNabber

SYSTEMS AFFECTED

    Win NT (others?)

PROBLEM

    's1' found following. [this  wasn't tested on anything  other than
    Windows NT 4.0 SP3 (Workstation & Server)]  NukeNabber listens  on
    several ports for connections.  You can configure it to listen  on
    any port, but the standards are  1080, etc.  If you telnet  to the
    port  of  a  machine  that  NukeNabber is listening on, NukeNabber
    apparently spawns a process called Report.exe.  This process lasts
    anywhere from 30-90 seconds, and consumes ~100% CPU.  The  problem
    with this is fairly obvious. (note: when connecting to a port that
    NukeNabber is  listening on,  it's important  that you  don't type
    anything.  Just let the connection sit and time out.)

    While we're on the subject  of NukeNabber, NukeNabber has a  nifty
    feature that establishes a DDE  link with an IRC client.  (mIRC or
    pirch).  There are scripts written for both clients that have  the
    option to  kick/ban any  host found  to be  "nuking" from  all the
    channels that you're oped in, and can also /ignore them.  This can
    become interesting when someone has a version of WinNuke that  can
    spoof a source  IP.  If  a person has  the kick/ban/ignore feature
    active, you  can turn  them against  the people  in their channels
    quite easily.

SOLUTION

    The problem with  a timeout not  shutting down the  port was fixed
    recent release.   Spoofing is  always a  problem, that  is why the
    script was written such that channel takeovers are not possible.