Slashdot Mirror


New Windows Attack Can Disable Firewall

BobB writes to tell us NetworkWorld is reporting that new code released on Sunday could allow a fully patched Windows XP PC's personal firewall to be disabled via a malicious data packet. The exploit depends on the use of Microsoft's Internet Connection Service. From the article: "The attacker could send a malicious data packet to another PC using ICS that would cause the service to terminate. Because this service is connected to the Windows firewall, this packet would also cause the firewall to stop working, said Tyler Reguly, a research engineer at nCircle Network Security Inc."

5 of 273 comments

  1. Not that big a deal, but still. by Grendel Drago · Score: 5, Insightful

    Sure, it requires that you be on the internal LAN already, and that you be running ICS, and who runs ICS anyway? But what kind of shit design is this that lets you take down the firewall if you piss off the IP-masquerading software? Did someone cut their fuzz-testing budget? What's their excuse for having this kind of vulnerability?

    --
    Laws do not persuade just because they threaten. --Seneca
  2. Not as bad as it sounds by DavidD_CA · Score: 5, Informative

    So for this attack to work, according to the article...

    1) The attacker has to be on the LAN already, or executing code from a PC on the LAN

    2) The LAN has to be connected to the internet through a PC using ICS, and

    3) There can be no external firewall device such as a router sitting between the LAN and the internet

    While this is certainly a valid attack... so are a lot of other attacks once you're already in the LAN. This one just happens to nuke a software-based firewall from the inside. Big deal.

    --
    -David
  3. Re:What can you trust? by oGMo · Score: 4, Insightful

    A few things:

    • Keep all your broken (Windows) boxes in a heavily-firewalled subnet (and make sure the firewall is something secure, i.e., not Windows)
    • Don't put the broken box on the network at all
    • Run your app in a VM
    • Find a new app

    --
    Don't think of it as a flame---it's more like an argument that does 3d6 fire damage

  4. Re:What can you trust? by gbobeck · Score: 4, Funny

    You use an IPS/IDS appliance that goes up to level 7.

    For extra effectiveness, make sure your level 7 IPS/IDS appliance is armed with nothing less than a +3 Sword of Packet Smiting.

    --
    Navicula hydraulica plena anguilarum est. Omnes castelli tuus nostri sunt. Ed elli avea del cul fatto trombetta.
  5. Re:What can you trust? by pedestrian crossing · Score: 5, Funny

    You use an IPS/IDS appliance that goes up to level 7.

    Mine goes up to 11.

    --
    A house divided against itself cannot stand.