Hacking group reveals IP-security glitch
August 13, 1999
by Kathleen Ohlson
(IDG) -- A hacking group says it's discovered a security vulnerability affecting Windows 95, 98 and 2000 as well as the SunOS and Solaris operating systems, allowing unauthorized users to intercept outgoing information.
The problem is related to the ICMP (Internet Control Message Protocol) Router Discovery Protocol (IRDP), which determines the way computers connect to the Internet. The glitch lets an attacker spoof a route, according to an advisory issued Wednesday by hacker-security specialists L0pht Heavy Industries (link below). As a result, attackers can reroute outbound traffic on vulnerable systems; modify traffic; act as "man in the middle;" or launch denial of service attacks, L0pht said. All of these attacks, excluding denial of service, require the unauthorized user to be on the same network as the victim, the specialists said.
Man-in-the-middle attacks occur when an attacker acts as "a proxy between the victim and end host," L0pht said. The victims think they are directly connected to the end host, but they are actually connected to the attacker, who is connected to the end host feeding information through. For example, an attacker acting as man in the middle may access all banking information online without the victim knowing, L0pht said.
A denial of service attack is when routers, T1 and T3 lines are jammed with data that prevent users from accessing a site.
According to L0pht's Weld Pond, Microsoft Corp. turned IRDP on by default for Windows 95 and 98, and it stays enabled even when a user has configured a system to turn it off. "This means that many people out there are running this vulnerable protocol and they don't know it," Weld said. "This is the crux of the security problem."
However, Microsoft said IRDP is enabled by default in Windows 95 and 98 "because the industry standard requires it." The company said IRDP attacks are due to "weaknesses in the protocol itself and not due to any security vulnerabilities in Microsoft products." Microsoft also said these attacks could happen with other vendors that implemented IRDP.
According to Microsoft, IRDP "assumes a benign environment" and can't check if any participants are deliberately providing false information. Agreeing with L0pht that an authenticated protocol would be more secure, Microsoft said it hopes L0pht plans "to design a more secure version of the protocol" and bring it to the Internet Engineering Task Force.
L0pht Heavy Industries advisory
© 2001 Cable News Network. All Rights Reserved.