Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Windows Attack Can Disable Firewall

Posted by ryuzaki0 on from the he-shoots-he-scores dept.

BobB writes to tell us NetworkWorld is reporting that new code released on Sunday could allow a fully patched Windows XP PC's personal firewall to be disabled via a malicious data packet. The exploit depends on the use of Microsoft's Internet Connection Service. From the article: "The attacker could send a malicious data packet to another PC using ICS that would cause the service to terminate. Because this service is connected to the Windows firewall, this packet would also cause the firewall to stop working, said Tyler Reguly, a research engineer at nCircle Network Security Inc."

8 of 273 comments (clear)

  1. Not that big a deal, but still. by Grendel+Drago · · Score: 5, Insightful

    Sure, it requires that you be on the internal LAN already, and that you be running ICS, and who runs ICS anyway? But what kind of shit design is this that lets you take down the firewall if you piss off the IP-masquerading software? Did someone cut their fuzz-testing budget? What's their excuse for having this kind of vulnerability?

    --
    Laws do not persuade just because they threaten. --Seneca
  2. What can you trust? by RLiegh · · Score: 3, Insightful

    If the graphics applications you use require windows, and all of the major firewall vendors are bloated (symantec), worthless (keiro) or both (macaffee) then what can you do?

    1. Re:What can you trust? by oGMo · · Score: 4, Insightful

      A few things:

      • Keep all your broken (Windows) boxes in a heavily-firewalled subnet (and make sure the firewall is something secure, i.e., not Windows)
      • Don't put the broken box on the network at all
      • Run your app in a VM
      • Find a new app
      --

      Don't think of it as a flame---it's more like an argument that does 3d6 fire damage

  3. Re:Obvious by Anonymous Coward · · Score: 1, Insightful

    Well, I wouldn't agree with 'better performance' - software firewalls are ALWAYS a bottleneck. Just use a router :-)

  4. Re:How do you know you've never gotten a virus? by Anonymous Coward · · Score: 1, Insightful
    What rubbish, if it's on the machine it's detectable


    HackerDefender (http://hxdef.org/) is just begging to disagree with you there. Quite a popular rootkit a few years back where I work, where there were a bunch of Windows 2000 machines which got cracked. The only reason we knew there was anything wrong with them was:

    a) We were warned of increasing levels of network traffic
    b) When it came time to install SP4 on them, it wouldn't go on (due to the rootkit blocking all access to anything called "ftp.exe", thus the SP couldn't install correctly)

    However, had this been a home machine then almost certainly nothing would have been detectable, since there's no one to monitor traffic levels, and I don't think most users would read too much into it if a patch failed.
  5. Re:Obvious by Propaganda13 · · Score: 2, Insightful

    Actually, he's probably partly referring to the routers flooding their wireless connection which happens with Zyxel routers too.
    http://www.tomsnetworking.com/lans_routers/charts/ index.html?chart=124
    You set up a p2p like bittorrent that is willing to use a lot of simulataneous connections and it floods your router and your connection drops.
    Of course, it does sound like a lot of routers(1 a month?) to go through so if he's returning a lot of dead routers, a possible power problem in the home is possible.

  6. Suddenly noone is using wireless? by db32 · · Score: 2, Insightful

    So I see dozens of comments about "Its no big deal, you have to be on the lan". Am I the only one that hasn't forgotten how common wireless networks are and how trivial it is to gain access to most of them?

    --
    The only change I can believe in is what I find in my couch cushions.
  7. Re:Obvious by Tim+C · · Score: 2, Insightful

    As for the wireless stuff, well, that's too bad. But your computer already needs one connection to the wall to get its power. Will one more for data kill you?

    No, but my girlfriend nearly did when I started laying bright yellow cat5 cable in the house...

    --
    It's official. Most of you are morons.