Microsoft Security flaws and fixes

Discussion in 'other security issues & news' started by peakaboo, May 23, 2003.

Thread Status:
Not open for further replies.
  1. peakaboo (Registered Member; joined Oct 20, 2002; posts: 377)

    Flaw:

    ICMP Router Discovery Protocol (IRDP) comes enabled by default on DHCP clients that are running Microsoft Windows95 (w/winsock2), Windows95b, Windows98, Windows98se, and Windows2000 machines.

    ZDNET article here. Headline excerpt: Hackers may be snooping on you

    Article Excerpt: Companies and users of broadband modems beware: Malicious hackers may be "listening" in on your computer's conversation across the Internet.

    Full Detail Advisory: IRDP Default Route Assignment

    Excerpt: By spoofing IRDP Router Advertisements, an attacker can remotely add default route entries on a remote system.

    Fix for above flaw (FYI I have not tried it yet):

    DHCP fix provided by Analogx

    Also see the Full Detail Advisory; there are 2 suggested fixes there (or view the next post). The registry key fix is probably what is being done by the Analogx fix.

    I ran across the DHCP fix at Analogx and followed the links to the Advisory to get more info.

    Conclusion: If you own one of the above-mentioned OSes and are using a broadband modem, you may want to look further into this flaw.
     
  2. peakaboo (Registered Member; joined Oct 20, 2002; posts: 377)

    I find it hilarious that in the above ZDnet article, where they warn of snooping, the article has an iframe doubleclick ad/tracking link (located to the right of "A slight detour for Data"). :eek:

    Also wanted to include the 08.11.99 atstake summary advisory which will lead you to the detail advisory in the above post, but also provides a Demonstration of sample code.

    Finally wanted to add the fixes from the full details advisory noted in the 1st post:

    Fixes / Work-arounds
    ------------------------

    Firewall / Routers:
       Block all ICMP Type 9 & Type 10 packets. This should protect
       against remote Denial of Service attacks.

    Windows95/98:
       
       The Microsoft Knowledge Base contains an article that gives info
       on how to disable IRDP. It can be found at:

       http://support.microsoft.com/support/kb/articles/q216/1/41.asp
       
       Brief Summary of article:

       IRDP can be disabled manually by adding "PerformRouterDiscovery"
       value name and setting it to a dword value of 0, under the
       following registry key(s):

       HKLM\System\CurrentControlSet\Services\Class\NetTrans\####

       Where #### is the binding for TCP/IP. More than one TCP/IP
       binding may exist.

    Solaris:
       
       Configure your host to obtain a default gateway through DHCP,
       static routes, or via the /etc/defaultrouter file. For more
       information on IRDP refer to in.rdisc's man-page.
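
Added example (not part of the posts or the advisory): a Python check for the monitoring side of the firewall fix above. It parses the ICMP Type 9 and Type 10 messages defined in RFC 1256 and reports advertised routers that are not known gateways. The function names, the gateway allowlist and the sample bytes (documentation addresses from 192.0.2.0/24) are constructed for illustration; the input is assumed to be the ICMP message with the IP header already removed.

```python
import ipaddress
import struct

ROUTER_ADVERTISEMENT, ROUTER_SOLICITATION = 9, 10  # ICMP types, RFC 1256

# Constructed sample: one advertisement for 192.0.2.66, lifetime 1800 s.
SAMPLE_ADVERT = bytes.fromhex("09002cb301020708c000024200000000")


def icmp_checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071); 0 when run over a valid message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_irdp(icmp: bytes):
    """Parse an ICMP message (IP header removed); None if it is not IRDP."""
    if len(icmp) < 8:
        raise ValueError("truncated ICMP header")
    msg_type, _code, _cksum, count, words, lifetime = struct.unpack(
        "!BBHBBH", icmp[:8])
    if msg_type not in (ROUTER_ADVERTISEMENT, ROUTER_SOLICITATION):
        return None
    if icmp_checksum(icmp) != 0:
        raise ValueError("bad ICMP checksum")
    if msg_type == ROUTER_SOLICITATION:
        return {"type": "solicitation"}
    if words < 2 or len(icmp) < 8 + count * words * 4:
        raise ValueError("malformed router advertisement")
    routers = []
    for i in range(count):
        off = 8 + i * words * 4  # each entry: 4-byte address, signed preference
        addr, pref = struct.unpack("!4si", icmp[off:off + 8])
        routers.append((str(ipaddress.IPv4Address(addr)), pref))
    return {"type": "advertisement", "lifetime": lifetime, "routers": routers}


def unexpected_routers(icmp: bytes, known_gateways: set) -> list:
    """Routers advertised via IRDP that are not on the known-gateway list."""
    msg = parse_irdp(icmp)
    if not msg or msg["type"] != "advertisement":
        return []
    return [r for r, _pref in msg["routers"] if r not in known_gateways]
```

On a network where the default gateway comes from DHCP or static configuration, any non-empty result from `unexpected_routers` is worth an alert, since no host should be learning routes this way.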
     