New Windows Attack Can Disable Firewall 273

Posted by ScuttleMonkey
from the he-shoots-he-scores dept.
BobB writes to tell us NetworkWorld is reporting that new code released on Sunday could allow a fully patched Windows XP PC's personal firewall to be disabled via a malicious data packet. The exploit depends on the use of Microsoft's Internet Connection Service. From the article: "The attacker could send a malicious data packet to another PC using ICS that would cause the service to terminate. Because this service is connected to the Windows firewall, this packet would also cause the firewall to stop working, said Tyler Reguly, a research engineer at nCircle Network Security Inc."
  • by Grendel Drago (41496) on Tuesday October 31, 2006 @02:46AM (#16654417) Homepage
    Sure, it requires that you be on the internal LAN already, and that you be running ICS, and who runs ICS anyway? But what kind of shit design is this that lets you take down the firewall if you piss off the IP-masquerading software? Did someone cut their fuzz-testing budget? What's their excuse for having this kind of vulnerability?
  • by RLiegh (247921) * on Tuesday October 31, 2006 @02:48AM (#16654425) Homepage Journal
    If the graphics applications you use require Windows, and all of the major firewall vendors are bloated (Symantec), worthless (Kerio) or both (McAfee), then what can you do?
  • by oGMo (379) on Tuesday October 31, 2006 @03:14AM (#16654579)

    A few things:

    • Keep all your broken (Windows) boxes in a heavily-firewalled subnet (and make sure the firewall is something secure, i.e., not Windows)
    • Don't put the broken box on the network at all
    • Run your app in a VM
    • Find a new app
  • Re:Obvious (Score:1, Insightful)

    by Anonymous Coward on Tuesday October 31, 2006 @03:26AM (#16654629)
    Well, I wouldn't agree with 'better performance' - software firewalls are ALWAYS a bottleneck. Just use a router :-)
  • by Anonymous Coward on Tuesday October 31, 2006 @04:26AM (#16654921)
    What rubbish, if it's on the machine it's detectable


    HackerDefender (http://hxdef.org/) is just begging to disagree with you there. Quite a popular rootkit a few years back where I work, where there were a bunch of Windows 2000 machines which got cracked. The only reason we knew there was anything wrong with them was:

    a) We were warned of increasing levels of network traffic
    b) When it came time to install SP4 on them, it wouldn't go on (due to the rootkit blocking all access to anything called "ftp.exe", thus the SP couldn't install correctly)

    However, had this been a home machine then almost certainly nothing would have been detectable, since there's no one to monitor traffic levels, and I don't think most users would read too much into it if a patch failed.
  • Re:Obvious (Score:3, Insightful)

    by Propaganda13 (312548) on Tuesday October 31, 2006 @05:35AM (#16655293)
    Actually, he's probably partly referring to the routers flooding their wireless connection which happens with Zyxel routers too.
    http://www.tomsnetworking.com/lans_routers/charts/index.html?chart=124 [tomsnetworking.com]
    You set up a p2p like bittorrent that is willing to use a lot of simultaneous connections and it floods your router and your connection drops.
    Of course, it does sound like a lot of routers (1 a month?) to go through so if he's returning a lot of dead routers, a possible power problem in the home is possible.

  • by db32 (862117) on Tuesday October 31, 2006 @06:31AM (#16655601) Journal
    So I see dozens of comments about "It's no big deal, you have to be on the LAN". Am I the only one that hasn't forgotten how common wireless networks are and how trivial it is to gain access to most of them?
  • Re:Obvious (Score:3, Insightful)

    by Tim C (15259) on Tuesday October 31, 2006 @04:06PM (#16664347)
    As for the wireless stuff, well, that's too bad. But your computer already needs one connection to the wall to get its power. Will one more for data kill you?

    No, but my girlfriend nearly did when I started laying bright yellow cat5 cable in the house...
