My day just got boring
-
Remotely exploitable kernel hole in XP and Vista. Arsetards.
-
@asuffield said:
Remotely exploitable kernel hole in XP and Vista. Arsetards.
At least, there's an easy workaround: Just turn off TCP/IP.
-
@ammoQ said:
@asuffield said:
Remotely exploitable kernel hole in XP and Vista. Arsetards.
At least, there's an easy workaround: Just turn off TCP/IP.
Alas, not all the Windows hosts are under my control. Hence, my day is going to consist of ensuring that all the firewalls do not pass IGMP.
I have quite a lot of firewalls.
-
IGMP... never heard of that before.
iptables -A FORWARD -p IGMP -j DROP
Problem solved?
What uses IGMP anyhow?
-
@Daid said:
IGMP... never heard of that before.
iptables -A FORWARD -p IGMP -j DROP
Problem solved?
I was reasonably sure that it would run into the default reject rules. The time-consuming part was testing every firewall to make sure that it did.
What uses IGMP anyhow?
It's part of ipv4 multicast, which doesn't actually work on the internet anyway. Another critical security hole in an unused and unwanted feature that you can't disable.
-
@Daid said:
IGMP... never heard of that before.
iptables -A FORWARD -p IGMP -j DROP
Problem solved?
What uses IGMP anyhow?
It's been years since I did networking but back in the day, I managed a WAN that used IGMP to synchronize the remote routers.
The config was the following
Location A <--> Router A <--> CSU/DSU A <--> T1 A <--> DAX at comm. company <--> T1 B <--> CSU/DSU B <--> Router B <--> Location B
We essentially had two T1's being split between voice and data. The communications company would DAX the matching channels together so the communication worked. I think we eventually switched over to BGP though.