Microsoft Security flaws and fixes

Discussion in 'other security issues & news' started by peakaboo, May 23, 2003.

Thread Status:
Not open for further replies.
  1. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    Flaw:

    ICMP Router Discovery Protocol (IRDP) comes enabled by default on DHCP clients that are running Microsoft Windows95 (w/winsock2), Windows95b, Windows98, Windows98se, and Windows2000 machines.

    ZDNET article here Headline excerpt: Hackers may be snooping on you

    Article Excerpt: Companies and users of broadband modems beware: Malicious hackers may be "listening" in on your computer's conversation across the Internet.

    Full Detail Advisory: IRDP Default Route Assignment

    Excerpt: By spoofing IRDP Router Advertisements, an attacker can remotely add default route entries on a remote system.

    Fix for above flaw (FYI I have not tried it yet):

    DHCP fix provided by Analogx

    Also see Full Detail Advisory there are 2 suggested fixes there (or view next post). The registry key fix is probably what is being done by Analogx fix.

    I ran across the DHCP fix at Analogx and followed the links to the Advisory to get more info.

    Conclusion: If you own one of the above mentioned OS and are using broadband modem, you may want to look further into this flaw.
     
    peakaboo, May 23, 2003
    #1
  2. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    I find it hilarious that in the above ZDnet article where they warn of snooping, that the article has an iframe doubleclick ad/tracking link (located to the right of "A slight detour for Data". :eek:

    Also wanted to include the 08.11.99 atstake summary advisory which will lead you to the detail advisory in the above post, but also provides a Demonstration of sample code.

    Finally wanted to add the fixes from the full details advisory noted in the 1st post:

    Fixes / Work-arounds
    ------------------------

    Firewall / Routers:
       Block all ICMP Type 9 & Type 10 packets. This should protect
       against remote Denial of Service attacks.

    Windows95/98:
       
       The Microsoft Knowledge Base contains an article that gives info
       on how to disable IRDP. It can be found at:

       http://support.microsoft.com/support/kb/articles/q216/1/41.asp
       
     Brief Summary of article:

       IRDP can be disabled manually by adding "PerformRouterDiscovery"
       value name and setting it to a dword value of 0, under the
       following registry key(s):

    HKLM\System\CurrentControlSet\Services\Class\NetTrans\####

    Where #### is the binding for TCP/IP. More than one TCP/IP
       binding may exist.

    Solaris:
       
       Configure your host to obtain a default gateway through DHCP,
       static routes, or via the /etc/defaultrouter file. For more
       information on IRDP refer to in.rdisc's man-page.
     
    peakaboo, May 24, 2003
    #2
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...