On the subject of insecurities in cable environments, here is a real one. The Windows
98 stack will listen to ICMP router advertisements and enter a new default route with
metric 1000 if the advertisement uses the default preference of 0. Router
advertisements are sent to the all-hosts multicast address; therefore they cross all
bridge boundaries. If the station receives an ICMP destination unreachable from its
configured default it will then change to the second default route. This will result
in a denial of service if the originator of the advertisement does not forward the
traffic, or a lovely opportunity to sniff traffic if he does. Win95 and NT do not
appear to respond to router advertisements.
Question - does anyone know of a registry setting to turn off listening to router
advertisements?
Laris
By the way, the Win98 implementation of router advertisement preference is broken.
Preferences greater than 1000 are interpreted as high-metric/low-priority routes.