Matt Curtin wrote:
>
> Hmm. I saw no mention of attempts to source-route traffic.
>
> I have been told that NT doesn't have the ability to detect and block
> source-routed packets. Are NT firewalls somehow detecting and
> dropping these things these days? Or is it true that NT firewalls are
> unable to block this attack without help from another component with
> half a brain (i.e., having the access router drop source routed
> stuff)?
It seems that SP5 (for NT4) fixes this. According to KB article Q217336
you can disable the "TCP/IP Source Routing Feature" via a new registry
key (http://support.microsoft.com/support/kb/articles/Q217/3/36.asp).
I didn't have time to check if it works and if source routed datagrams
only get dropped or also logged (in the case of a normal -not a
firewall- server).
nico.
--
------------- Nicolas FISCHBACH [[EMAIL PROTECTED]] -------------
Responsable Reseaux, Systemes et Securite ADELIS - groupe B.I.C
Network/System Administrator ADEC http://www.adec.fr/nicolas
Webmaster TIP6 http://tip6.lip6.fr Gsm: +33 (0)6.08.68.93.28
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
