The advisory is well-written (http://www.LOpht.com/advisories/rdp.txt) and
clearly states the threats.  And the only threat to a dial-up user is
denial-of-service - there is no possibility of your traffic being routed through
anything other than your ISP's router.  As stated in the advisory, for sniffing
or MITM to work the attacker must have a machine on the target's network (and
really this means the target's subnet).

The most likely ones at risk for the sniffing and MITM exposures are those
connected to unfiltered cable modems.  With such a connection you may share a
subnet with dozens or more other customers.  Any of these could (if your ISP
doesn't block it) redirect your traffic to their own machine.  Others at risk
are those with machines colocated on a LAN with untrustable systems, folks on an
edu LAN, or similar configurations.

Back to the original questions:

The suggested fix should protect you (but, again, the only threat to a dial-up
user is DoS).

The advisory doesn't suggest turning off DHCP (doing that could cause a problem
with a few ISPs); it tells you to turn off Router Discovery.

Tony Rall


"James Strompolis" <[EMAIL PROTECTED]> on 08/23/1999 19:53:52

Please respond to "James Strompolis" <[EMAIL PROTECTED]>

To:   [EMAIL PROTECTED], [EMAIL PROTECTED]
cc:
Subject:  Re: Question about LOpht Security Advisory

Yes, the advisory is correct.  Yes, you can trust it.  Yes, you need to
worry about it if connected to the Internet via modem.  There are script
kiddie tools available already to use this exploit.  This will allow a
remote attacker to decide how to route the traffic in and out of your
computer.  He could route the traffic from your computer through a computer
under his/her control.  Considering that you are a credit union, you should
be concerned about this.  If you connect to the credit union's computers via
your home internet connection, someone could conceivably intercept passwords
to the credit union's network with your level of access.  Depending on the
type of connection you are using, you may or may not be able to turn DHCP
off.  Ask your ISP.  If they say you need DHCP, you need it.  You may want
to dial directly into the credit union with a modem in this case or come up
with a VPN type product for your connection.

----- Original Message -----
From: <[EMAIL PROTECTED]>

> To all the minds out there,
> I need some help.  I'm having trouble figuring out whether the advisory
> dated 8/19/99 at www.LOpht.com/advisories.html is something I really
> need to worry about or not.  Please read on before going to the site to
> read the detail.
>
> I've not previously seen LOpht advisories mentioned here on this
> newsgroup as being something to worry about.
> Question 1.  Is this advisory correct/can I trust it?
>          2.  Is this something that a person with WIN95/98 attached to
>              the internet via a modem needs to be concerned with?
>          3.  If so, then will the fix they say to use protect me?
>          4.  What are the ramifications of turning DHCP off?
>              (nope, not using it)

