Slashdot Mirror


New Windows Attack Can Disable Firewall

BobB writes to tell us NetworkWorld is reporting that new code released on Sunday could allow a fully patched Windows XP PC's personal firewall to be disabled via a malicious data packet. The exploit depends on the use of Microsoft's Internet Connection Service. From the article: "The attacker could send a malicious data packet to another PC using ICS that would cause the service to terminate. Because this service is connected to the Windows firewall, this packet would also cause the firewall to stop working, said Tyler Reguly, a research engineer at nCircle Network Security Inc."

6 of 273 comments

  1. Not as bad as it sounds by DavidD_CA · · Score: 5, Informative

    So for this attack to work, according to the article...

    1) The attacker has to be on the LAN already, or executing code from a PC on the LAN

    2) The LAN has to be connected to the internet through a PC using ICS, and

    3) There can be no external firewall device such as a router sitting between the LAN and the internet

    While this is certainly a valid attack... so are a lot of other attacks once you're already in the LAN. This one just happens to nuke a software-based firewall from the inside. Big deal.

    --
    -David
  2. Internet Connection Service? by Red_Deth · · Score: 2, Informative
    The exploit depends on the use of Microsoft's Internet Connection Service.
    Is ICS not Internet Connection Sharing?
  3. Re:How do you know you've never gotten a virus? by jimicus · · Score: 2, Informative

    In theory, yes. But you'd need to reboot the OS into some kind of diagnostics; otherwise you're asking the OS to attest to itself, and if it's been trojaned, you can't trust the OS because the first thing any sensible trojan will do is cover its own tracks.

    In practice, if you want a 100% guarantee that any malware has been eradicated, the only solution is a rebuild.

  4. Re:Obvious by toadlife · · Score: 2, Informative

    Yep.

    My old gateway with two 3com 3c905 and FreeBSD laughs at the measly BitTorrent connections I throw at it. Before I set that up a few years ago, I had similar experiences with consumer-grade networking gear.

    --
    I don't always use unix-like operating systems; but when I do, I prefer FreeBSD.
  5. WRT54GL by coder111 · · Score: 2, Informative

    I have a Linksys WRT54GL router (http://en.wikipedia.org/wiki/WRT54GL). It uplinks via a 36-54 Mbit (depending on conditions) wireless connection, and acts as a router for a network of ~10 computers with quite heavy p2p traffic. It is stable and rarely slows down. Of course, I run a custom Linux firmware on top of it (HyperWRT Thibor; the original firmware sucks quite bad).

    Oh, and it cost me ~70 USD.

    --Coder

  6. Re:Obvious by KDR_11k · · Score: 2, Informative

    Because you can't meaningfully implement NAT on a single-machine "network"?

    --
    Justice is the sheep getting arrested while an impartial judge declares the vote void.