New Windows Attack Can Disable Firewall

Posted by ScuttleMonkey
from the he-shoots-he-scores dept.
BobB writes to tell us NetworkWorld is reporting that new code released on Sunday could allow a fully patched Windows XP PC's personal firewall to be disabled via a malicious data packet. The exploit depends on the use of Microsoft's Internet Connection Service. From the article: "The attacker could send a malicious data packet to another PC using ICS that would cause the service to terminate. Because this service is connected to the Windows firewall, this packet would also cause the firewall to stop working, said Tyler Reguly, a research engineer at nCircle Network Security Inc."

  • by orpheus_okt (879958) on Tuesday October 31, 2006 @03:18AM (#16654591)
    worthless (keiro)

    Uh... Is there something I missed in the last weeks/months? No, I'm not implying that I heard exactly the opposite, but it sounds like there are serious security holes in the old Kerio firewall although I was always convinced it's still one of the better free ones out there. And I really must have missed the news then...

    Up to now, I was sticking to Kerio on Windows. Especially because of its rather powerful options to filter single applications, addresses, ports and plenty of other manually configurable stuff instead of a placebo firewall which provides a "Yes, I'll save you from all Evil"- and a "Take care of yourself"-Button (at maximum with a Beginner-Amateur-BetterAmateur switch). Those are worthless.

    Come on, tell me people! Why is Kerio considered bad these days? (
  • by Anonymous Coward on Tuesday October 31, 2006 @04:14AM (#16654857)
    Fortunately for all V(irus)B(uilding)S(script) coders, Microsoft gave us all a very easy way to silently disable the firewall at any time...

    Set objFirewall = CreateObject("HNetCfg.FwMgr")
    objFirewall.LocalPolicy.CurrentProfile.FirewallEnabled = FALSE
  • Re:Obvious (Score:3, Interesting)

    by ajs318 (655362) <sd_resp2@eaRASPrthshod.co.uk minus berry> on Tuesday October 31, 2006 @04:32AM (#16654959)
    You've most probably been buying crap routers. D-link, Belkin, Linksys, Netgear - for chuff's sake, they might as well be branded "Barbie (or Action Man) My First Router". Treat yourself to a nice ZyXel router, and you might forget you even have a router in your network.
  • Re:Obvious (Score:2, Interesting)

    by Anonymous Coward on Tuesday October 31, 2006 @05:30AM (#16655271)
    What makes you believe that a (home) router, which is a small microcontroller with some dedicated firmware running on it, will outperform a modern PC that has 10-20 times more CPU power available?
  • Re:Obvious (Score:3, Interesting)

    by ajs318 (655362) <sd_resp2@eaRASPrthshod.co.uk minus berry> on Tuesday October 31, 2006 @08:33AM (#16656457)
    The smaller ZyXel routers use a traditional transformer power pack with 12V AC output. Judging by the temperature rise, the on-board regulator is most probably a switched-mode type. I'd guess this would be quite tolerant of power surges, just with the presence of a mains transformer (hefty inductance; doesn't like rapidly-changing current). The "surge suppressor coils" found in cheap, switched-mode power packs are laughable. A well-designed power supply should fail safely and protect the connected equipment, but cheap ones often aren't well-designed.

    As for the wireless stuff, well, that's too bad. But your computer already needs one connection to the wall to get its power. Will one more for data kill you?
  • tards (Score:1, Interesting)

    by Anonymous Coward on Tuesday October 31, 2006 @09:13AM (#16656895)
    I can't wait till a journalist finally gets something right..

    It's not "Internet Connection Service", it's "Internet Connection Sharing", which hardly anyone has running anyway. They probably fudded it on purpose just to make their article sound more relevant.

    (and /.'s captchas are SO good that even I can't read them - round 2)
