Dailydave mailing list archives
Re: Slashback!
From: Curt Wilson <curtw () siu edu>
Date: Tue, 17 Jan 2006 12:45:53 -0600
byte_jump wrote:
> On 1/16/06, Dino A. Dai Zovi <ddz () theta44 org> wrote:
> > Do you know how the firewall identifies a "friendly" network? Does the firewall tap into the wireless layer in Windows to get out the SSID and base station MAC address, or does it just verify the subnet? I don't actually "use" any of my windows boxes, so I have never used this kind of stuff :).
>
> Doesn't Windows XP have file and print sharing enabled for the local network so folks can share printers and files? If it's not enabled by default I'm sure it is manually enabled often enough, and being on the same 169.254.0.0/16 network would allow attacks over SMB, right?

An XP box I'm working with seems to repeatedly re-create a global firewall exclusion for file and print sharing at periodic intervals. I had previously tweaked the exception list but it didn't seem to last. I have not researched the behavior like I should have. I'd guess that if an attacker could DoS a DHCP server, lots of MS boxen would end up in the autoconfigure 169.254 range. Not sure if the autoconfigure properties change any firewall exceptions, but it could be an interesting although multi-stage attack.

--
Curt Wilson
IT Network Security Officer
Southern Illinois University Carbondale
618-453-6237
GnuPG key: http://www.infotech.siu.edu/security/curtw.pub.asc