Yes, the advisory is correct. Yes, you can trust it. Yes, you need to
worry about it if connected to the Internet via modem. There are script
kiddie tools available already to use this exploit. This will allow a
remote attacker to decide how to route the traffic in and out of your
computer. He could route the traffic from your computer through a computer
under his/her control. Considering that you are a credit union, you should
be concerned about this. If you connect to the credit union's computers via
your home internet connection, someone could conceivably intercept passwords
to the credit union's network with your level of access. Depending on the
type of connection you are using, you may or may not be able to turn DHCP
off. Ask your ISP. If they say you need DHCP, you need it. You may want
to dial directly into the credit union with a modem in this case or come up
with a VPN type product for your connection.
James Strompolis
Aleph Consultants, Inc.
[EMAIL PROTECTED], http://www.ribs.com
----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, August 23, 1999 4:53 PM
Subject: Question about LOpht Security Advisory
> To all the minds out there,
> I need some help. I'm having trouble figuring out whether the advisory
> dated 8/19/99 at www.LOpht.com/advisories.html is something I really
> need to worry about or not. Please read on before going to the site to
> read the detail.
>
> I've not previously seen LOpht advisories mentioned here on this
> newsgroup as being something to worry about.
> Question 1. Is this advisory correct/can I trust it?
> 2. Is this something that a person with WIN95/98
> attached to the internet via a modem needs to be concerned with?
> 3. If so, then will the fix they say to use protect me?
>
> 4. What are the ramifications of turning DHCP off?
> (nope, not using it)
>
> I know some of you are cringing at my knowledge level. Be gentle, I'm
> learning.
>
> Thanks in advance,
> Michael Sorbera
> Webmaster
> Randolph-Brooks Federal Credit Union
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
