Advertisement
 
To print: Select File and then Print from your browser's menu

--------------------------------------------------------------
This story was printed from ZDNet Australia.
--------------------------------------------------------------
Microsoft leaves window open for TCP/IP attack

By Victor Latona, Updates.com
December 04, 2000
URL: http://www.zdnet.com.au/news/security/soa/Microsoft-leaves-window-open-for-TCP-IP-attack/0,130061744,120107366,00.htm


Microsoft has acknowledged a new security flaw affecting several versions of their operating systems. Windows NT 4.0, 98, 98SE and Millennium are all affected by a recently unearthed denial of service attack that could render a user's PC temporarily useless.

"The vulnerability is principally significant to users of broadband connections..."

According to Microsoft, the vulnerability exists from improper implementation of NetBIOS over TCP/IP (NBT) protocol in Windows NT 4.0, Windows 95, 98, 98 Second Edition and Windows Me.

NetBIOS is a set of networking services for computer networking. NBT is the protocol standard describing how NetBIOS services are provided over TCP/IP.

If a malicious user were to send a large number of malformed network packets it could cause a local computer to stop receiving network services such as file and print sharing. According to Microsoft, network service should return to normal once the attack has been abandoned.

Under extreme circumstances a properly executed attack could cause the targeted computer to "hang." If this were to happen the machine could be put back into normal operation by rebooting.

The vulnerability is principally significant to users of broadband connections who have an "always on" connection to the Internet. If NetBIOS over TCP/IP is improperly implemented the machine is particularly vulnerable to attack.

Windows 2000 systems provide an alterative implementation schema and are not vulnerable to this type of denial of service attack.

Users of Windows NT4.0 can download the "Incomplete TCP/IP Packet" fix.

Microsoft has provided a workaround for users of Microsoft Windows 95, 98, 98 Second Edition and Me.

If you have file and print sharing implemented, this workaround will protect users of Windows 95, 98, 98 Second Edition and Windows Me from the "Incomplete TPC/IP attack."

Workaround
To disable the File And Print Sharing element of your Dial-up adapter:

  • Click Start, point to Settings, click Control Panel, and then double-click Network.
  • Click TCP/IP->Dial-up Adapter, click Properties, and next click Bindings tab.
  • Clear the File and Print Sharing check box, click Ok, and then click Ok again.
  • Restart your PC.

Copyright © 2009 CBS Interactive, a CBS Company. All Rights Reserved.
ZDNET is a registered service mark of CBS Interactive. ZDNET Logo is a service mark of CBS Interactive.