Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Windows Attack Can Disable Firewall

Posted by ryuzaki0 on Monday October 30, 2006 @07:40PM from the he-shoots-he-scores dept.

BobB writes to tell us NetworkWorld is reporting that new code released on Sunday could allow a fully patched Windows XP PC's personal firewall to be disabled via a malicious data packet. The exploit depends on the use of Microsoft's Internet Connection Service. From the article: "The attacker could send a malicious data packet to another PC using ICS that would cause the service to terminate. Because this service is connected to the Windows firewall, this packet would also cause the firewall to stop working, said Tyler Reguly, a research engineer at nCircle Network Security Inc."

2 of 273 comments (clear)

Min score:

Reason:

Sort:

Not that big a deal, but still. by Grendel+Drago · 2006-10-30 19:46 · Score: 5, Insightful

Sure, it requires that you be on the internal LAN already, and that you be running ICS, and who runs ICS anyway? But what kind of shit design is this that lets you take down the firewall if you piss off the IP-masquerading software? Did someone cut their fuzz-testing budget? What's their excuse for having this kind of vulnerability?

--
Laws do not persuade just because they threaten. --Seneca
Re:What can you trust? by oGMo · 2006-10-30 20:14 · Score: 4, Insightful
A few things:
- Keep all your broken (Windows) boxes in a heavily-firewalled subnet (and make sure the firewall is something secure, i.e., not Windows)
- Don't put the broken box on the network at all
- Run your app in a VM
- Find a new app
--
Don't think of it as a flame---it's more like an argument that does 3d6 fire damage