[139346] in North American Network Operators' Group


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: 0day Windows Network Interception Configuration Vulnerability

daemon@ATHENA.MIT.EDU (Nick Hilliard)
Mon Apr 4 13:53:52 2011

X-Envelope-To: <nanog@nanog.org>
Date: Mon, 04 Apr 2011 18:53:42 +0100
From: Nick Hilliard <nick@foobar.org>
To: nanog@nanog.org
In-Reply-To: <21466.42267.qm@web59615.mail.ac4.yahoo.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On 04/04/2011 16:46, andrew.wallace wrote:
> Someone has recently post to a mailing list:
> http://lists.grok.org.uk/pipermail/full-disclosure/2011-April/080096.html

There's a serious vulnerability in the default ipv4 configuration too: 
Windows will accept a reply from any DHCP server which replies.

The fix right now is for Microsoft to disable IPv4 by default.

I think I'm the first person in the world to notice this, so can you 
cross-post this to full-disclosure as a critical 0day?  kthx,

Nick


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[139346] in North American Network Operators' Group

Re: 0day Windows Network Interception Configuration Vulnerability

daemon@ATHENA.MIT.EDU (Nick Hilliard)Mon Apr 4 13:53:52 2011

daemon@ATHENA.MIT.EDU (Nick Hilliard)
Mon Apr 4 13:53:52 2011