
Hacking group reveals 'Net protocol security glitch


InfoWorld Electric, 08/12/99

A hacking group says it has discovered a security vulnerability affecting Windows 95, 98 and 2000, as well as the SunOS and Solaris operating systems, allowing unauthorized users to intercept outgoing information.

The problem is related to the Internet Control Message Protocol Router Discovery Protocol (IRDP) that determines the way computers connect to the Internet. The glitch lets an attacker spoof a route, according to an advisory issued Wednesday by hacker-security specialists L0pht Heavy Industries. As a result, attackers can reroute outbound traffic on vulnerable systems; modify traffic; act as "man in the middle"; or launch denial-of-service attacks, L0pht says. All of the attacks, excluding denial of service, require the unauthorized user to be on the same network as the victim, the specialists say.

Man-in-the-middle attacks occur when an attacker acts as "a proxy between the victim and end host," L0pht says. The victims think they are directly connected to the end host, but are actually connected to the attacker, who is connected to the end host feeding information through. For example, an attacker acting as man in the middle may access all banking information online without the victim knowing, L0pht says.

A denial-of-service attack is when routers, T-1 and T-3 lines are jammed with data that prevent users from accessing a site.

According to L0pht's Weld Pond, Microsoft turned IRDP on by default for Windows 95 and 98, and it stays enabled even when a user has configured a system to turn it off.

"This means that many people out there are running this vulnerable protocol and they don't know it," Weld says.

However, Microsoft says IRDP is enabled by default in Windows 95 and 98 "because the industry standard requires it." The company says IRDP attacks are due to "weaknesses in the protocol itself and not due to any security vulnerabilities in Microsoft products." Microsoft also says these attacks could happen with other vendors that implemented IRDP.

According to Microsoft, IRDP "assumes a benign environment" and cannot check if any participants are deliberately providing false information. Agreeing with L0pht that an authenticated protocol would be more secure, Microsoft says it hopes L0pht plans "to design a more secure version of the protocol" and bring it to the Internet Engineering Task Force.

Copyright, 1994-2006 Network World, Inc. All rights reserved.