| 1 |
On Mon, 2002-05-27 at 20:00, Allix Primus wrote: |
| 2 |
> |
| 3 |
> While reading through page 17 of the 28 page Gentoo Linux Security Guide, I |
| 4 |
> noticed a lot of information pertaining to patching numerous holes in the |
| 5 |
> operating system through /proc. These vulnerabilities range from source |
| 6 |
> routed packets, to ICP redirect acceptance. After searching through quite a |
| 7 |
> few google pages, I didn't find any Windows specific content on these |
| 8 |
> topics. |
| 9 |
|
| 10 |
Windows has some of the same problems. Only windows does not support |
| 11 |
features like acting as a router per default. |
| 12 |
|
| 13 |
ICMP packets are dangerous no matter what OS you are using. The process |
| 14 |
of altering values in /proc is to harden the system and avoid DoS |
| 15 |
attacks or even helping others to make a DoS attack. |
| 16 |
|
| 17 |
The trick of altering a route is also know for windows machines and can |
| 18 |
probably be disabled. But per default any M$ machine will respond to a |
| 19 |
broadcast. And a windows machine will not per default drop strange hand |
| 20 |
crafted packets. |
| 21 |
|
| 22 |
> Are these security vulnerabilities only restricted to linux or can these be |
| 23 |
> changed on Windows systems as well? |
| 24 |
No .. the problem still exists .. but most people don't use windows as a |
| 25 |
router, they use a real router. But Linux can act as a router or a |
| 26 |
bridge and that is why you need some extra features turned off if you do |
| 27 |
not use them. |
| 28 |
|
| 29 |
Windows users normally rely on a personal firewall or a router in front |
| 30 |
of the server for filtering the right packets. But a router does not |
| 31 |
filter all ICMP packet correct or cannot filter then because some |
| 32 |
cracker tools use ICMP as a tunnel for other traffic. This tunnel can be |
| 33 |
used to send normal IP traffic without a firewall seeing it. |
| 34 |
|
| 35 |
> Any help or links would be greatly appreciated. |
| 36 |
> |
| 37 |
I hope this helped you and I'm sorry that I was not able to give you any |
| 38 |
links for windows but I haven't used a windows machine for any security |
| 39 |
project in a lot of years. |
| 40 |
|
| 41 |
Best regards |
| 42 |
Kim |
| 43 |
-- |
| 44 |
I'm the face that stares at you from the shadows. |
| 45 |
http://www.insecurity.dk |
Archives