LinuxQuestions.org


joewee 12-24-2006 01:13 AM

CMOS Bomb?
 
Can someone help me with where to go to get information on how to stop this? Someone has been hitting two of my friend's servers on win03 and one is rh-ent (router, I believe). I have little data on this attack or how to stop it. All I know is that I have had to have him completely reload the system BIOS in order to get the two Compaq DL380s to POST. No viruses have been found and the array BIOS seems to stay intact. All I am looking for is direction on where to go to get a resolution, as most searches on this topic don't seem to return that much in the way of security fixes. Any direction appreciated.

corbintechboy 12-24-2006 01:37 AM

Not completely sure what you're asking. Someone remotely crashing your BIOS? IPX on? Turn it off! Port 139 closed/stealth? Block it! If someone is doing it locally, fire 'em!

joewee 12-24-2006 09:13 AM

I guess that is the answer I was looking for. The organizations I work for have always had others deal with such issues, and this isn't happening under my roof, and I myself have always stayed away from playing with these things. I guess you would have to say it's a friend in the business. In ten years in the computer industry I have never had to deal with this.

I believe what we are looking at is called a "stealth attack", and I knew that they could lock a computer system, just not clear the CMOS so the system wouldn't even POST. I was trying to help a friend by providing resources on prevention.

Thank you for your help and Merry Christmas!

Further commentary appreciated!

davcefai 12-24-2006 01:04 PM

To the best of my knowledge the way to alter CMOS is via IN instructions.

See:

http://ivs.cs.uni-magdeburg.de/~zbrog/asm/cmos.html

http://www.totallygeek.com/vscdb/ind...cca4607212fbd6

I found this, which I wrote in 1992, in Turbo Basic, under DOS:

Code:

    cls

    locate 5,1
    print "This program tries to read TIME from a CMOS clock. If it works"
    print "you will see a digital time display in the screen centre."
    locate 10,10
    print "Press a key to start"
    while not instat
    wend
    a$=inkey$

    cls
    locate 23,10
    print "You should be seeing a digital clock."
    locate 25,1
    print "Press a key to exit"

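    ' Poll the clock until a key is pressed
    while not instat
        ' Write the register index to port &H240, then read its value from &H340
        out &H240,0         ' register 0: seconds
        s=inp(&H340)
        s$=hex$(s)          ' hex$ shows the decimal digits when the clock returns BCD
        out &H240,2         ' register 2: minutes
        m=inp(&H340)
        m$=hex$(m)
        out &H240,4         ' register 4: hours
        h=inp(&H340)
        h$=hex$(h)

        ' Build and display hh:mm:ss at the screen centre
        t$=h$+":"+m$+":"+s$
        locate 12,39
        print t$;"    ";
        delay 0.9
    wend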

So you need to look for something that is doing something along these lines. Note that, in assembler, you can do it in a few bytes.

Hope this helps.
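An added example for the prevention side of this thread, not written by any poster: given a 128-byte CMOS image already dumped to a buffer, this C code recomputes the configuration checksum and diffs the image against a known-good baseline. It assumes the classic PC/AT layout (bytes 0x10-0x2D summed, result stored high byte first at 0x2E/0x2F); the function names and the sample image are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CMOS_SIZE 128   /* assumed classic PC/AT layout; vendor BIOSes may differ */
#define CKS_FIRST 0x10  /* first byte covered by the checksum */
#define CKS_LAST  0x2D  /* last byte covered by the checksum */
#define CKS_HI    0x2E  /* stored checksum, high byte */
#define CKS_LO    0x2F  /* stored checksum, low byte */
#define CFG_FIRST 0x0E  /* 0x00-0x0D are clock/status registers that change */

/* 16-bit sum of the configuration bytes the checksum covers. */
uint16_t cmos_sum(const uint8_t *c) {
    uint16_t sum = 0;
    for (int i = CKS_FIRST; i <= CKS_LAST; i++) sum += c[i];
    return sum;
}

/* 1 if the stored checksum matches the recomputed one, else 0. */
int cmos_checksum_ok(const uint8_t *c) {
    return (uint16_t)((c[CKS_HI] << 8) | c[CKS_LO]) == cmos_sum(c);
}

/* Count config bytes differing from a baseline; *first = lowest changed offset or -1. */
int cmos_diff(const uint8_t *base, const uint8_t *cur, int *first) {
    int n = 0;
    *first = -1;
    for (int i = CFG_FIRST; i < CMOS_SIZE; i++)
        if (base[i] != cur[i] && n++ == 0) *first = i;
    return n;
}

/* Constructed sample image with a valid checksum (not real hardware data). */
void make_sample(uint8_t *c) {
    memset(c, 0, CMOS_SIZE);
    for (int i = CKS_FIRST; i <= CKS_LAST; i++) c[i] = (uint8_t)(i * 3);
    c[CKS_HI] = (uint8_t)(cmos_sum(c) >> 8);
    c[CKS_LO] = (uint8_t)(cmos_sum(c) & 0xFF);
}

int main(void) {
    uint8_t base[CMOS_SIZE], cur[CMOS_SIZE] = {0};  /* cur: a wiped, all-zero image */
    int first;
    make_sample(base);
    int changed = cmos_diff(base, cur, &first);
    /* All zeros still passes the checksum; the baseline diff is what flags it. */
    printf("checksum_ok=%d changed=%d first=0x%02X\n", cmos_checksum_ok(cur), changed, first);
    return 0;
}
```

Under the assumed layout an all-zero image sums to zero and so passes the checksum test, which is why a stored baseline is compared as well.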

