Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft, Cisco Finally Patch TCP DoS Flaw

Posted by kdawson on from the who-needs-a-botnet dept.

Trailrunner7 writes "Today vendors are finally releasing patches for the TCP vulnerabilities first publicized nearly a year ago that affect a huge range of networking products, including any device running a version of Cisco's IOS software, and a number of Microsoft server and desktop operating systems. Both Microsoft and Cisco released fixes for the vulnerabilities today. The Microsoft Patch Tuesday release included the fix for the TCP flaw, which affects Windows Server 2003 and 2008, as well as Windows Vista, both the 32-bit and 64-bit editions, and Windows 2000 SP4, for which no fix is coming. The TCP flaws were identified several years ago and were made public last year by two researchers at Outpost24, Jack C. Louis and Robert E. Lee. Louis, who has since died, developed a tool called Sockstress that tested for the flaw and was able to maintain extremely long-term TCP connections with remote machines using very little bandwidth."

67 of 114 comments (clear)

  1. very, very old vulnerability by neko+the+frog · · Score: 4, Funny

    I mean, Robert E. Lee has been dead for *decades*.

    --
    -- the opinions stated above aren't those of my employer. in fact, they're probably not even my own. you know what, ju
    1. Re:very, very old vulnerability by UncleTogie · · Score: 2, Funny

      It must have taken an army of coders to fix these flaws.

      It was easy. They had confederates!

      --
      Don't tell me to get a life. I'm a gamer; I have LOTS of lives!
  2. Hey things take time. by palegray.net · · Score: 4, Funny

    Just think of all the meetings that had to be convened, coffee brewed, dinners expensed discussing the potential impact of these flaws, input from the legal department on the cost of fixing the bug versus potential liability including agreement to the shrinkwrap license that absolves MS of any liability unless a judge someday says otherwise, reading the tea leaves, God the list goes on and on.

    I'm proud of them for releasing this fix in such a timely fashion.

    --
    512 MB RAM, 20 GB disk, 200 GB transfer, five datacenters. $19.95/month.
    1. Re:Hey things take time. by thePowerOfGrayskull · · Score: 5, Insightful

      Alternatively, just think of what would have happened if either of those giants had released a patch for something as fundamental as the TCP stack that introduced a new bug or worse hole; then automatically pushed it to millions of users. A year might be excessive, but considering the size of their userbases... I can understand it.

    2. Re:Hey things take time. by ThePhilips · · Score: 3, Insightful

      Yes, absolutely. TCP is so complicated that only few engineers know precisely how it works and can patch the flaw. And probably it also lacks test tools. OMG. I'm so happy that it took them only a year.

      /sarcams

      WTF. Get real. TCP is studied and implemented as a lab assignment now in pretty much every university by all who in any way relate to network programming. Test tools and analyzers are abundant (both hardware and software) and can simulate pretty much any kind of load. There are even commercial companies selling (at size of MS and Cisco) for pennies ready suits of test cases for TCP.

      Longest way: rent an analyzer (2-4 weeks longest for it to get shipped to your office), buy a suit of test cases (0 days), run the tests (1-2 days, normally less), patch the hole (1-2 days), rerun the tests (1-2 days). IOW, if they really cared, they could have released a patch within 2-3 weeks. Heck, I have seen people implementing basic TCP quicker than that.

      This is simply another display of arrogance on part of big vendors. Nothing new here. Move on.

      --
      All hope abandon ye who enter here.
    3. Re:Hey things take time. by Anonymous Coward · · Score: 5, Insightful

      WTF. Get real. TCP is studied and implemented as a lab assignment now ...

      Your point that TCP programming is practiced in abundance is well taken, but my experience has taught me that anything related to network programming in general, and TCP/IP implementations in particular (particularly where interoperability between your product and TCP stacks you've never seen before is concerned) is astoundingly difficult, and that anyone who believes that they've got all the bases covered, that they've foreseen everything that could go wrong, and that they're in the clear because their tests indicates that all their stuff is RFC-compliant will be the first to get their asses kicked hard after they release their product.

    4. Re:Hey things take time. by ClosedSource · · Score: 1

      How comprehensive are these TCP "lab assignments" and are students allowed only RFCs as a reference?

    5. Re:Hey things take time. by ThePhilips · · Score: 1

      True. (Wouldn't lie - I personally implemented in past only about 50% of TCP.)

      Nevertheless, it's pretty well known fact that MS took their implementation of TCP from BSD which apparently doesn't have the problem. More than that they took fresh implementation from FreeBSD relatively recently for 2003 Server.

      Cisco IIRC also uses FreeBSD TCP implementation.

      In other words, I still fail to see the problem: likewise they could have lifted the solution for the problem from the very same source where from they took their TCP implementation originally.

      If I'm not mistaken, the problem was fixed last October in Linux. I doubt it took BSD folks longer.

      --
      All hope abandon ye who enter here.
    6. Re:Hey things take time. by ThePhilips · · Score: 1

      Sometimes they are quite comprehensive BTW as they are used further for internal research. But only sometimes.

      As for RFCs, in my experience few students actually read them. TCP implementation is scattered over many STDs/RFCs and gathering them together is a pain. Most prefer to cheat using some TCP book.

      What you say is a valid concern. But my point was different: no way there is a technical reason for one year delay for the fix in so well known piece of software as the TCP stack. (Which in MS's case is a verbatim copy of FreeBSD's stack.)

      --
      All hope abandon ye who enter here.
    7. Re:Hey things take time. by ClosedSource · · Score: 1

      Well, your point seemed to be that TCP was trivial.

      We don't know all the details but it seems to me that there is no reason why MS and CISCO would take a year fixing it other than a technical reason.

    8. Re:Hey things take time. by rliden · · Score: 1

      If the fix was so easy then the death of Jack Louis wouldn't have hampered the patch process. TFA mentions that even though he was in good contact with others and kept good notes his death caused a big slowdown in finishing the research and patch.

      It's always easy to find other peoples bugs and go on about how easy it would be to fix it. It only gets hard when you're coding the bugfix and the obvious solutions aren't fixing the problem.

      --
      Don't think of it as a flame, more like an argument that does 3d6 fire damage.
    9. Re:Hey things take time. by jhol13 · · Score: 1

      Yes, than God it does not affect Linux!
      https://www.cert.fi/haavoittuvuudet/2008/tcp-vulnerabilities.html

      Oops ... well, at least Linux fixed it promptly!

      http://kbase.redhat.com/faq/docs/DOC-18730
      "Due to upstream's decision not to release updates, Red Hat do not plan to release updates to resolve these issues"

      Oops ... well, anyway Windows suck!

    10. Re:Hey things take time. by palegray.net · · Score: 1

      Heh, RedHat isn't Linux. They're a vendor, and a completely corporate one at that. This is why I've always stuck with Debian, for the record.

      --
      512 MB RAM, 20 GB disk, 200 GB transfer, five datacenters. $19.95/month.
    11. Re:Hey things take time. by anss123 · · Score: 2, Informative

      Nevertheless, it's pretty well known fact that MS took their implementation of TCP from BSD which apparently doesn't have the problem. More than that they took fresh implementation from FreeBSD relatively recently for 2003 Server.

      Um, no. They took a streams BSD stack for Windows NT 3.1, but they didn't like streams for some reason and implemented their own a sockets based stack for NT3.5. See: http://www.kuro5hin.org/?op=displaystory;sid=2001/6/19/05641/7357

    12. Re:Hey things take time. by MarkKB · · Score: 1

      STREAMS was always meant to be a temporary solution - it was slow and clunky, but it served as a stopgap while Microsoft worked on their own TCP stack.

      Incidentally, when they ported STREAMS, they also ported the command line tools ("ftp", ect)that came with them, which were themselves ports of BSD's command line tools. Since the programs worked, they saw no reason to replace them.

      Of course, when the tech press discovered they were ports (via disassembly, IIRC), they went crazy about it, as tech press does. And thus was born the myth that Windows NT's network stack was based on BSD's.

      (Of course, all this is moot since Microsoft completely rewrote the network stack in Vista.)

    13. Re:Hey things take time. by shutdown+-p+now · · Score: 2, Interesting

      Nevertheless, it's pretty well known fact that MS took their implementation of TCP from BSD which apparently doesn't have the problem. More than that they took fresh implementation from FreeBSD relatively recently for 2003 Server.

      It's also fairly well known that TCP/IP stack was rewritten from scratch in Vista/Win2008, with no BSD code left. So this doesn't seem to be relevant.

    14. Re:Hey things take time. by cowbutt · · Score: 1

      Um, you know what Red Hat mean when they say 'upstream', right? That means no distribution will have the fix unless they develop one themselves, since Linus isn't including one.

    15. Re:Hey things take time. by palegray.net · · Score: 1

      That's exactly my point. Other distributions (also "not Linux") fixed the problem.

      --
      512 MB RAM, 20 GB disk, 200 GB transfer, five datacenters. $19.95/month.
    16. Re:Hey things take time. by cowbutt · · Score: 1

      Are you quite sure Debian supplied a kernel fix? Only searching debian.org for CVE-2008-4609 doesn't find anything relevant.

    17. Re:Hey things take time. by palegray.net · · Score: 1

      Debian's kernels are fixed. I upgraded my Lenny systems recently to patch against the issue.

      --
      512 MB RAM, 20 GB disk, 200 GB transfer, five datacenters. $19.95/month.
    18. Re:Hey things take time. by cowbutt · · Score: 1

      Where is it documented that Debian's kernels are fixed? Have you got a link?

    19. Re:Hey things take time. by palegray.net · · Score: 2, Informative

      I'm not going to do all your research for you. About five seconds of Googling yields this Ubuntu page: Ubuntu Security Notice USN-819-1. Debian's notices shouldn't be that hard to find, either. Of course, you can always just try the proof of concept code on an updated Debian system if you seriously doubt the maintainers.

      --
      512 MB RAM, 20 GB disk, 200 GB transfer, five datacenters. $19.95/month.
    20. Re:Hey things take time. by cowbutt · · Score: 1

      USN-819-1 references CVE-2009-2692 not CVE-2008-4609 (i.e. the issue we're talking about here). The details don't match CVE-2008-4609 either. Searching Debian's security announcement list for CVE-2008-4609 finds nothing.

      Debian (and by extension, Ubuntu) do a fine job of producing distributions and keeping them pretty secure. But you've not substantiated your claim that they've implemented their own kernel fix for CVE-2008-4609.

    21. Re:Hey things take time. by palegray.net · · Score: 1

      Yeah, I did grab the wrong USN page. I cross-referenced the recent local privilege escalation issue by mistake.

      --
      512 MB RAM, 20 GB disk, 200 GB transfer, five datacenters. $19.95/month.
    22. Re:Hey things take time. by palegray.net · · Score: 1

      Until I can determine otherwise, I've got to retract my statement that this is fixed in Debian. I can't find any noise on any lists about this particular CVE with respect to Debian. I'll keep watching it, though.

      --
      512 MB RAM, 20 GB disk, 200 GB transfer, five datacenters. $19.95/month.
  3. Re:Better Late than never? by Anonymous Coward · · Score: 4, Informative

    From the MS bulletin:

    Non-Affected Software
    Operating System
    Windows XP Service Pack 2 and Windows XP Service Pack 3*
    Windows XP Professional x64 Edition Service Pack 2*

  4. i reall want an objective by nimbius · · Score: 3, Insightful

    and straightforward reason why these companies dont issue these patches sooner. "we dont have the resources" or "it just isnt hurting our bottom line yet" would be awesome to hear. i mean, if google can come out and do it then it says alot about the old guard if they cant.

    --
    Good people go to bed earlier.
    1. Re:i reall want an objective by Anonymous Coward · · Score: 2, Informative

      Did you read Cisco's list of vulnerable hardware? It certainly takes a long time to test all of your currently supported hardware, test and release updates for all of them, many of which have multiple supported trains of software support that the fix needs to be rolled in to.

    2. Re:i reall want an objective by Arainach · · Score: 1

      Two reasons:

      (1) Because companies have discovered that it's far better for the PC ecosystem to release patches in a coordinated system (such as "Patch Tuesday") that corporations, etc. can plan for than to release everything ASAP

      (2) Because regression bugs happen, and it's important to tests hotfixes thoroughly, particularly when they affect core functionality like, say, TCP/IP networking.

  5. what's the point of IOS? by RelliK · · Score: 2, Insightful

    Obviously at the time IOS was designed, everyone would write their own special-purpose operating system for embedded devices. These days, wouldn't it make more sense to just scrap it and switch to Linux? Lots of other manufacturers are doing it (Linksys, Netgear, D-Link, etc.). This would certainly prevent this kind of embarassment.

    --
    ___
    If you think big enough, you'll never have to do it.
    1. Re:what's the point of IOS? by Anonymous Coward · · Score: 1, Informative

      Cisco has done this with newer platforms and code trains. Their ASA platform is based upon linux..

      I think they have seen the light, but like a massive oil tanker things take time to change.

    2. Re:what's the point of IOS? by mat128 · · Score: 2, Funny

      Obviously at the time IOS was designed, everyone would write their own special-purpose operating system for embedded devices. These days, wouldn't it make more sense to just scrap it and switch to Linux? Lots of other manufacturers are doing it (Linksys, Netgear, D-Link, etc.). This would certainly prevent this kind of embarassment.

      you have no idea how big and dedicated the Cisco IOS is!

    3. Re:what's the point of IOS? by Paralizer · · Score: 1

      Can you explain why Linux would be better suited for this?

    4. Re:what's the point of IOS? by Nethead · · Score: 3, Informative

      Juniper maybe? Of course if you think routers are from Linksys, Netgear, D-Link, etc. then we're not talking the same type of router.

      --
      -- I have a private email server in my basement.
    5. Re:what's the point of IOS? by falzbro · · Score: 1

      Cisco IOS-XR, which is not vulnerable, has a Linux kernel.

    6. Re:what's the point of IOS? by Anonymous Coward · · Score: 2, Informative

      Mind you, JUNOS is based on FreeBSD, not Linux.

    7. Re:what's the point of IOS? by xZgf6xHx2uhoAj9D · · Score: 2, Informative

      It's not about better suited; it's about well suited. As long as it's good enough, why not take advantage of the free maintenance all the Linux hackers do for you?

    8. Re:what's the point of IOS? by the+linux+geek · · Score: 2, Informative

      Actually, I believe its QNX, not Linux.

    9. Re:what's the point of IOS? by mckinleyn · · Score: 1

      Lol. Because Linux hackers are (to a corporation) incomprehensible and unreliable. They have no contract that's broken if they choose NOT to help. History (linux people fix their software pretty much always) != reliability.

    10. Re:what's the point of IOS? by falzbro · · Score: 1

      Whoops, I guess I was thinking IOS-XE, which is vulnerable.

    11. Re:what's the point of IOS? by jonnyt886 · · Score: 1

      I'd say IOS isn't just the software that runs their routers and so on, IOS is behind a product portfolio and provides Cisco with a vendor lock-in strategy (for want of a better phrase)...

      Firstly, IOS is the operating system but on top of that, they can sell IOS as an individual product (even if it only comes bundled with other ones, it's good material for the marketing department) and they also have the numerous Cisco certifications that revolve around (or heavily involve) the usage of IOS.

      Secondly, the lock-in thing. You train up a load of engineers to use just IOS for routers and of course the next time kit needs replacing those engineers (or their managers) will instinctively go for Cisco kit because no re-training is required. That is, of course, unless some other provider offered a product that touted benefits that outweighed these retraining costs... but I think that unlikely.

    12. Re:what's the point of IOS? by xZgf6xHx2uhoAj9D · · Score: 1

      So what? Is x Linux hackers + y CISCO employees working on some code worse than y CISCO employees working on some code? If the Linux hackers don't do what you want them to do, fine, fork the code in the worst place. You're no worse off than you were just working on your own.

    13. Re:what's the point of IOS? by longfalcon · · Score: 4, Insightful

      are you kidding?

      Linksys was acquired by cisco.
      there is about as much difference between Linksys and cisco routers as there is between a weekend yacht and a freighter.

      IOS was designed to be an enterprise embedded solution, not for some Joe Bloggs out there who needs to hook up two computers to his cable connection.

    14. Re:what's the point of IOS? by gad_zuki! · · Score: 5, Informative

      First off, a lot of these embedded OSs are real time OSs. Linux vanilla isnt.

      So lets say your company standardized on dd-wrt, which is popular and a solid product, but look at the recent security issue:

      http://routerip/cgi-bin/;command_to_execute

      Thats right, the command goes right there and it runs as root. Thats a nightmare level security issue that CS101 students should be ashamed of, let alone from true hackers.

      So imagine if linksys standardized on dd-wrt. Just clicking on http://192.168.1.1/cgi-bin/;rm-r would destroy your router. That link could be be put everywhere on the web and would result in mass chaos.

      I think a lot of companies know the quality from even the most popular OSS projects can be highly uneven and hackers are just that: hackers. They hack things together. Good design and security testing is usually an afterthought.

    15. Re:what's the point of IOS? by jcnnghm · · Score: 3, Informative

      Too bad there isn't a -1 Wrong moderation. A high end Cisco router, and a Linksys consumer router are so fundamentally different that your assertion is laughable on its face. Perhaps the reason they are sticking with IOS is because their hardware and software is purpose built to shift orders of magnitudes more packets per second than LInksys Linux routers would ever be capable of? Watch out for the corporate conspiracy black helicopters though.

      --
      You don't make the poor richer by making the rich poorer. - Winston Churchill
    16. Re:what's the point of IOS? by Empty+Threats · · Score: 1

      Cisco also sells a prominent line of layer-3 switches (almost routers) based on Linux, running "NX-OS." The interface is similar to classic IOS.

      (IOS-XR, however, is QNX.)

    17. Re:what's the point of IOS? by abigor · · Score: 2, Informative

      No, you are completely wrong. You clearly have no experience whatsoever with Cisco hardware and have no idea what you're talking about.

    18. Re:what's the point of IOS? by Anonymous Coward · · Score: 1, Informative

      As if 'good design and security testing' always happens at large corporations like Cisco... right. That kind of stuff gets undercut all the time. They take the option of just waiting for the bugs to be found and patch them after the fact.

    19. Re:what's the point of IOS? by dopodot · · Score: 1

      "IOS" has been rewritten and released half a dozen times, as NX-OS (which is Linux based), IOS-XR, IOS-XE (also Linux based), Modular IOS, and another major one in the pipeline. They all offer the same basic CLI interface that CCNA holders would be familiar with and instantly able to use.

    20. Re:what's the point of IOS? by L4t3r4lu5 · · Score: 1

      I know that my Cisco router is much better than my home D-Link router. The Cisco one:

      - Is twice the size
      - Requires storing in a wall mounted rack
      -Cost two orders of magnitude more
      - Has more fans

      For all the noise it makes, it bloody well best be more efficient than my home router.

      --
      Finally had enough. Come see us over at https://soylentnews.org/
  6. Re:Better Late than never? by Monkeedude1212 · · Score: 1

    My mistake, you may now mod me "-1 RTFA"

  7. Realistic impact? by ACMENEWSLLC · · Score: 1

    This is something the press would be screaming end of the Internet if they got their hands on it.

    What's the reality? Is this easy to exploit and is the Internet going to come crashing down?

    1. Re:Realistic impact? by afidel · · Score: 1

      It's like a SYN flood for most products (possible resource exhaustion) though all unpatched Vista derivatives (Vista, Server 2008, Win7, Server 2008 R2) have remote code vulnerabilities. Basically if you are upatched and someone wants to they can fill up the TCP memory on anything of yours that talks to the internet and knock that service or device offline while requiring very little resources on their part.

      --
      There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
  8. Windows 2000 (W2K) SP4... by antdude · · Score: 3, Interesting

    http://www.microsoft.com/technet/security/bulletin/ms09-048.mspx mentioned no updates for Windows 2000 SP4 because it requires a major change in operating system (OS). If no fixes, then what will stop it? Hardware routers and/or software firewalls for those who still use it?

    --
    Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
    1. Re:Windows 2000 (W2K) SP4... by fbwhrdpmtajg · · Score: 1

      Just schedule a reboot, hopefully you are transitioning away from it for critical systems since all security fixes for it will stop in 10 months anyway.

    2. Re:Windows 2000 (W2K) SP4... by paganizer · · Score: 1

      1st off, I can't duplicate it for Win2k. I'm using Windows 2000 Advanced Server as my testing machine, but that really shouldn't be an issue.
      2nd off, the release says the worst possible thing that can happen to Win2k is a DoS; the intense hatred microsoft has for people still using Win2k makes me think that they are possible telling an untruth.
      3rd off, I'd be sort of suspicious when the same thing applies to Win2k3 also; they aren't making money from windows 2003 these days, only the operating systems that ARE drastically affected by the problem.
      Regardless, with either Win2k or Win2k3, set it up right and you don't have to worry about it. TCP/IP filtering for the win. Tiny personal Firewall v2.x doesn't hurt.

      --
      Why, yes, I AM a Pagan Libertarian.
  9. Re:cotton bots, sand bots, rice bots by Nethead · · Score: 1, Offtopic

    Kill all humans!

    --
    -- I have a private email server in my basement.
  10. Re:Better Late than never? by bertoelcon · · Score: 2, Funny

    You must be new here, by not RTFA you get "+1 normal /. reader".

    --
    Anything can be found funny, from a certain point of view.
  11. DoS flaw, really? by miffo.swe · · Score: 1

    In Microsofts case i read the bulletin as it allows remote code execution in w2k8 and Vista. Thats very unpleasant considering it happens in the TCP/IP level and not higher up. Im no hacker but from what i can understand this exploit allows a hacker to own ANY affected system directly over the internet as long as any port on that target is accessible. I really hope im reading this wrong.

    A firewall wont help at all in that case and critical is a very moderate rating indeed. Im very glad we havent upgraded to w2k8 yet.

    --
    HTTP/1.1 400
  12. It was a joint release date by Anonymous Coward · · Score: 4, Informative

    Today was a joint release date. That is to say: Everyone agreed that nobody would release their fix(es) until everyone was ready.
    This was done to ensure that an attacker did not reverse engineer one company's fix, and use the flaw to wreck havoc on another company's products.
     

    And "Everyone" in this case includes more vendors than just Microsoft & Cisco. The firm I work for released our fix(es) for this issue today.
     

    Instead of someone disclosing a security problem one month before the vendor's next scheduled patch date, wouldn't you prefer that a major remote flaw affecting hundreds of companys' products be hidden until most of them were ready to be patched?

    1. Re:It was a joint release date by Anonymous Coward · · Score: 1, Insightful

      No, because I know that people who are willing to exploit the flaw already know how it works. For a start, you had to tell everyone in all the affected companies how it worked so they could fix it. And they told their sub contractors, who told some guy in India, who put in on his blog.

      I'd rather reward those that fixed it fast, or told me how to work around it. And if they don't, or can't, I'd rather know about it so I can do something myself.

      Put it this way, if I found out that most major manufacturers car's airbags could be remotely activated with, say, a cheap easy to build RF device, would you like me to not tell you about it for two years while the companies and their suppliers talk about it and organise to release a fix for it. All the while you are driving along not knowing that some in-the-loop terrorist is about to set of every airbag in the city, all at once?

      Or would you rather I tell you so you can choose not to drive the car?

  13. windows 2003 patch by lakshman6 · · Score: 1

    so when can we expect a windows 2003 patch to come? anyone know the date?

  14. TCP/IP Filtering stalls this bug in Windows 2000 by Anonymous Coward · · Score: 2, Informative

    See subject-line, & this quote from the pages @ MS on how to "mitigate" this type of attack (easily done really):

    http://www.microsoft.com/technet/security/Bulletin/MS09-048.mspx

    "To help protect from network-based attempts to exploit this vulnerability, enable advanced TCP/IP filtering on systems that support this feature"

    I cover how to do that (& really, EVERYONE should on Windows 2000/XP/Server 2003, because it acts as another "layer" of defense, for "layered security" above & beyond std. firewalling, because it uses ipfltdrv.sys, which acts PERFECTLY FINE alongside all other defenses)

    I cover a LOT of this here, & IP FILTERING'S VERY EASY TO SETUP (you may want to refer to the IANA ports list though, for YOUR particular needs, it does help):

    -----

    HOW TO SECURE Windows 2000/XP/Server 2003 & even VISTA, plus, make it "Fun-to-Do", via CIS Tool Guidance (& beyond):

    http://www.tcmagazine.com/forums/index.php?s=33555fc937017deab726a927c1c4a7fd&showtopic=2662

    (You MAY want to look @ points #3 - #5 there, they cover IP Filtering, IPSec, & more... specifically in regards to this, & protecting yourself vs. it, on Windows 2000... it SHOULD work, according to MS, & it is JUST GOOD "LAYERED SECURITY" anyhow!)

    -----

    Now, the IP FILTERING (ipfltdrv.sys) works PERFECTLY FINE alongside ipnat.sys (firewall driver), & ipsec.sys (IP Security Policies) too... all of them, alongside TCP FILTERING, work fine "all @ once"/"concurrently"... + of course, alongside tcpip.sys, the base IP driver)

    The 3 other drivers work @ DIFFERENT LAYERS of the IP stack around tcpip.sys, making them function PRETTY MUCH like a "Zone Defense"/"Greek Phalanx", so if you take 1 down? The others are STILL IN THE WAY... it's neat - too bad MS did away with that w/ VISTA onwards now using the single layer (& thus, single "lock" only) WFP + NDIS6, which even the folks @ ROOTKIT.COM are stating is "much easier to unhook & bypass" vs. the older model whose architecture I just laid out...))

    APK

    P.S.=> Enjoy, that OUGHT to help you Windows 2000 folks out there, vs. this "bug"... do I think MS could fix it? Sure, but it'd "hurt business"... replace RDR20.DLL with MSWSOCK.DLL (for LSP/Layered Service Providers), the latter being what XP/Server 2003/VISTA onwards use, & it could be fixed imo... but, "that's business" for you! apk

  15. Re:BSD by dopodot · · Score: 1

    Cisco's moving towards Linux. That post is 2 years old, and they've not announced anything hinting that anything BSD will be coming out. I have a feeling they're willing to deal with the GPL (Linux) just so they don't have to adopt BSD years after Juniper did, which could be a little embarassing.

  16. Re:Better Late than never? by SEWilco · · Score: 1

    My mistake, you may now mod me "-1 RTFA"

    First, code a patch for "-1 RTFA".

  17. Re:Better Late than never? by sharkey · · Score: 1
    http://www.microsoft.com/technet/security/bulletin/MS09-048.mspx

    Today, they have XP listed as affected with the same impact as Win 2003 (DoS), just with a "low" rating and no patch. Windows 7 and Windows 2008 R2 are the only non-affected software.

    --

    --
    "Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
  18. Re:More than Arrogance, Marketing. by thePowerOfGrayskull · · Score: 1

    "M$". I see what you did there. That was very clever. And original, too.