Recent Posts


Email Notifications

Personal Links


Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

Windows XP - ICS DoS vulnerabilities and POC exploit

Below are additional links to follow-up on the earlier good info Bill and Richard shared with us over the weekend.

Microsoft Windows NAT Helper Components DNS Denial of Service Vulnerability

QUOTE: A vulnerability has been identified in Microsoft Windows, which could be exploited by malicious users to cause a denial of service. This flaw is due to a NULL pointer dereference error in the NAT Helper Components ("ipnathlp.dll") when processing requests via the "DnsProcessQueryMessage()" and "NatCreateRedirect()" functions, which could be exploited by attackers on the LAN to crash the Service Host Process by sending a specially crafted DNS request to a vulnerable system with Internet Connection Sharing enabled.

Note : A proof of concept exploit has been published.

ISC: Remote DoS released targets Windows Firewall/Internet Connection Sharing (ICS) service component

Microsoft ICS DoS FAQ

Am I vulnerable Checklist:
1) Are you running Windows XP
2) Are you sharing your internet connection?

If the answer is yes to both of those, then you are vulnerable.

1) Disable Internet Connection Sharing.
2) Block UDP port 53 (DNS) on the computer that is sharing the internet, manually set the DNS Server to your ISPs DNS address.