[plug] windows and dhcp (was: linux firewall)

Christian christian at amnet.net.au
Wed Feb 28 10:54:06 WST 2001


On Wed, Feb 28, 2001 at 10:46:01AM +0800, Leon Brooks wrote:
 
> > Does Windows 9x run a DHCP server??
> 
> No, it runs a DHCP client which believes anything you tell it.

A bit like DNS really...

> > And if you were running a default install of Windows then those FTP and
> > DNS probes would have zilch effect.  As I said, the default installs of
> > most Linux distributions would be vulnerable to a remote root exploit.
> 
> Actually, the default ``Paranoid'' install for Mandrake 7.2 adds 
> ``ALL:ALL EXCEPT localhost:DENY'' to /etc/hosts.deny and a portscan 
> reveals -nothing-. It also installs a SolarDesigner-patched kernel, 
> which fixes about 2/3 of all application buffer overflows - yes, even 
> ones which haven't been detected.

A *TCP* portscan.  Most DNS utilises UDP so this helps not one iota.

As for the Openwall kernel patch, it makes the stack non-executable
which stops buffer overflows that execute on the stack, i.e., most stock
exploits.  It doesn't stop buffer overflows in general and all those
stack smashing exploits can easily be re-written to execute their
shellcode on the heap.  It's a band aid security measure, nothing more
-- this is why it hasn't made it into the official kernels.  As
non-executable stacks I predict we'll see more exploits written to
attempt both and the protection will be worth nothing.

> > At least with Windows the user has to run malicious code to give a
> > remote attacker complete control over their machine.
> 
> No, all the user has to do is *receive* (not even read) email. Complete 
> service, we come to you... open wide!

This is Outlook-specific and, for what little it's worth, the
vulnerability has been patched.

> 
> -- 
> I bought a new computer;
> it came fully loaded.
> The warranty was for 90 days,
> but in 30 't'was outmoded.

So you put Linux on it? ;-)
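
Added example, not part of the original message: a local check for the TCP-versus-UDP point above, showing a host whose TCP scan from outside finds nothing while a UDP service is still exposed. It parses tables in the layout of Linux's /proc/net/tcp and /proc/net/udp; the sample tables are constructed, and the byte-reversed IPv4 decoding assumes a little-endian host.

```python
import socket

# Constructed sample tables in the layout of /proc/net/tcp and /proc/net/udp
# (IPv4). They are illustrative, not captured from a real machine.
HEADER = ("  sl  local_address rem_address   st tx_queue rx_queue "
          "tr tm->when retrnsmt   uid  timeout inode\n")
SAMPLE_TCP = HEADER + (
    "   0: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0 0 1001\n"
    "   1: 0100007F:0019 0100007F:C350 01 00000000:00000000 00:00000000 00000000 0 0 1002\n"
)
SAMPLE_UDP = HEADER + (
    "   0: 00000000:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000 0 0 2001\n"
    "   1: 0100007F:0202 00000000:0000 07 00000000:00000000 00:00000000 00000000 0 0 2002\n"
)

TCP_LISTEN = "0A"   # kernel state code for a listening TCP socket
UDP_UNCONN = "07"   # bound, unconnected UDP sockets are reported in this state


def decode_addr(field):
    """Turn 'HEXIP:HEXPORT' into (dotted_ip, port); assumes little-endian host."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(bytes.fromhex(ip_hex)[::-1])
    return ip, int(port_hex, 16)


def listeners(table, proto):
    """Return (proto, ip, port) for every socket waiting for inbound traffic."""
    want = TCP_LISTEN if proto == "tcp" else UDP_UNCONN
    found = []
    for line in table.splitlines()[1:]:      # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != want:
            continue                          # e.g. an established connection
        ip, port = decode_addr(fields[1])
        found.append((proto, ip, port))
    return found


def audit(tcp_text, udp_text):
    """Listeners of either protocol that are not bound to loopback only."""
    entries = listeners(tcp_text, "tcp") + listeners(udp_text, "udp")
    return [e for e in entries if not e[1].startswith("127.")]


if __name__ == "__main__":
    for proto, ip, port in audit(SAMPLE_TCP, SAMPLE_UDP):
        print(f"exposed: {proto} {ip}:{port}")
```

On a real host, pass the contents of /proc/net/tcp and /proc/net/udp to audit() instead of the samples.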


