Article: New Windows exploit could disable firewall

[Flying-Q]

Humphrey Cheung

Redmond (WA) - Security researchers have discovered a new Windows flaw that could allow hackers to crash the built-in firewall. By sending malformed DNS packets to vulnerable machines, hackers could disable and eventually bypass the operating system firewall. So far only Windows XP computers with the Internet Connection Sharing (ICS) service turned on are affected by the attack.

Internet Connection Sharing is a service inherited from the early days of networking when hardware routers were rare and expensive. The service allows one computer to share an Internet connection with several internal computers. ICS creates an internal DHCP and DNS server to give IP addresses and domain name information to the internal network.



Ncircle's Tyler Reguly has posted more information about the exploit on his company blog. He says the attack is directed at the virtual DNS server and must come from inside the internal network. Malformed DNS packets can crash the DNS server which causes a chain reaction and crashes ICS and then the firewall.

The new exploit shouldn't be a major problem for most Windows users because the vulnerable ICS service must be explicitly turned on. The ICS menu option is located in a rather obscure spot under the Window's network properties and is mainly tinkered with by MCSE students or very curious people. In addition, inexpensive modern routers, which split Internet connections and provide basic firewall services, have eliminated any need to use ICS.

Bold and italics by me for emphasis.

I think that this WILL a be a problem for any home network where the broadband connection is via a USB connected ADSL Modem and the connection is shared with other computers in the household using InternetConnectionSharing. This is automatically switched on during the CreateHomeNetwork wizard and more to the point; it must be switched on to share that connection.

Q

 

[casemods]

Is there a point?

I mean, I have trained my dad good enough not to put personal info on the pc.

Is there a reason why you should care that "hackers" get past windows firewall?

If you need to use the pc for personal data, just turn un-plug the cables.

These types of stories only get noobs panicking.

 

[Flying-Q]

Is there a point?

I mean, I have trained my dad good enough not to put personal info on the pc.

Is there a reason why you should care that "hackers" get past windows firewall?

If you need to use the pc for personal data, just turn un-plug the cables.

These types of stories only get noobs panicking.

Yes there is a point - If the hackers are in then 'allyourmachinesarebelong2us' - trojans, zombies, general slowdown, sheer hassle of cleaning dad's machine, etcetera.

 

[casemods]

Is there a point?

I mean, I have trained my dad good enough not to put personal info on the pc.

Is there a reason why you should care that "hackers" get past windows firewall?

If you need to use the pc for personal data, just turn un-plug the cables.

These types of stories only get noobs panicking.

Yes there is a point - If the hackers are in then 'allyourmachinesarebelong2us' - trojans, zombies, general slowdown, sheer hassle of cleaning dad's machine, etcetera.

Well my dad never goes on, he hasn't checked his email (lol) for more then a month, and even if his comp did get infected and I had to format, he would just use mine for an hour to check his yahoo personals (lol)

I know where you are coming from, don't get me wrong, my school has some tight security measures, at least now that they decided to upgrade the 800mhz with 98, up to 2.0 ghz's with 512mb of ram and 128 integrated video with XP, and finally created student accounts with limited access.

But all I'm saying is that if someone wants to get through they will, but I'm not saying that taking extra steps to protect won't help either.