New Windows Attack Can Disable Firewall
BobB writes to tell us NetworkWorld is reporting that new code released on Sunday could allow a fully patched Windows XP PC's personal firewall to be disabled via a malicious data packet. The exploit depends on the use of Microsoft's Internet Connection Service. From the article: "The attacker could send a malicious data packet to another PC using ICS that would cause the service to terminate. Because this service is connected to the Windows firewall, this packet would also cause the firewall to stop working, said Tyler Reguly, a research engineer at nCircle Network Security Inc."
Not as bad as it sounds (Score:5, Informative)
1) The attacker has to be on the LAN already, or executing code from a PC on the LAN
2) The LAN has to be connected to the internet through a PC using ICS, and
3) There can be no external firewall device such as a router sitting between the LAN and the internet
While this is certainly a valid attack... so are a lot of other attacks once you're already in the LAN. This one just happens to nuke a software-based firewall from the inside. Big deal.
Internet Connection Service? (Score:2, Informative)
Re:How do you know you've never gotten a virus? (Score:3, Informative)
In practise, if you want a 100% guarantee that any malware has been eradicated, the only solution is a rebuild.
WRT65GL (Score:2, Informative)
Oh, and it cost me ~70 USD.
--Coder
Re:Obvious (Score:2, Informative)