Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 21

Thread: MS 0Day shows up on milw0rm

  1. #11
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Thats just great HT.....

    Good for you.....

    Isnt it great when you work in something you love....and all the hard work you have put into it ...actually gets noticed.....recognized by your peers....

    or even for that matter...by your employer
    Doesnt happen often......at least not where I am

    As I said before ...great job!!!!!

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  2. #12
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    You've also managed to piss some people off.

    http://blogs.zdnet.com/Ou/?p=358

    I was under the impression that you could disable ICS without shutting off your firewall. They are the same service, but you can uncheck "share this connection" or whatever and still have your firewall active.

    I don't see a need to disable ICS at all. The chances are very low that someone on your INTERNAL network is going to attack the internet gateway. If so, you deserve it. Who would use a windows box with ICS or the ICF as their gateway/firewall anyway?! At LEAST use some third party software if you're going to do this. Something that will actually give you a little bit of control over your gateway.

    Hardware routers/firewalls are a dime a dozen today and use far less energy than a full blown PC that has to be left on all the time.
    Last edited by phishphreek; October 31st, 2006 at 05:10 PM.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  3. #13
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,915
    Quote Originally Posted by phishphreek80
    You've also managed to piss some people off.

    http://blogs.zdnet.com/Ou/?p=358

    I was under the impression that you could disable ICS without shutting off your firewall. They are the same service, but you can uncheck "share this connection" or whatever and still have your firewall active.

    I don't see a need to disable ICS at all. The chances are very low that someone on your INTERNAL network is going to attack the internet gateway. If so, you deserve it. Who would use a windows box as their gateway/firewall anyway?!

    Hardware routers/firewalls are a dime a dozen today and use far less energy than a full blown PC that has to be left on all the time.
    There are a few of these... I'm actually working through a rebuttal right now.. and yes you are correct, There is the parent service that is the same and it has two child services that can be enabled / disabled independantly...

    And yes it is a low risk threat... but still a threat... The idea of a router is great... That would be what you'd do if you disabled ICS (i thought it was implied) when I said to disable that means of sharing the connection...

    The risk isn't huge, but it does exist... My intention was to inform people of the risk... that was all... I will link my rebuttal post that has the explanation of why my options are perfectly valid once it is posted.

    HT.

  4. #14
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Go get em HT

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  5. #15

  6. #16
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,915
    By the way ...

    *Points to the EIT Security Planets News at the top of the page*

  7. #17
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    Quote Originally Posted by HTRegz
    edited:
    And yes it is a low risk threat... but still a threat... The idea of a router is great... That would be what you'd do if you disabled ICS (i thought it was implied) when I said to disable that means of sharing the connection...
    edited:
    HT.
    Not necessarily. If you're going to use a dedicated box... please trust something that isn't based on m$. I've can't recall a "security" product from them that I would personally trust. If you can't afford a dedicated hardware router/firewall, there are alternatives.

    http://ipcop.sourceforge.net/ comes to mind.

    I've used it a couple of times now. Easy for any n00b to setup. Actually, easier than installing m$ with ICS and you can actually manage it! Plus, you might actually learn something about security! IDS/DNS/DHCP/Proxy/Firewall/VPN/Dynamic DNS/etc. all for the low cost of $0. Of course, I'm assuming you're going to install it on the box you were using ICS for. Well, ok, maybe $5 for a second nic... but still.

    Not to mention, there are a sh17 load of plugins depending on your needs.

    Either way. Nice handling of the situation. Some people jump the gun without understanding security or the inner working of the services they are reporting on. That guy george was completely clueless. I didn't pay much attention to this whole thing and I saw his blog post as what it was... BS.

    The only thing I don't agree with, as you can see, is people using m$ as their freaking firewall/router. Stupid stupid stupid.
    Last edited by phishphreek; November 1st, 2006 at 03:48 AM.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  8. #18
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,915
    Quote Originally Posted by phishphreek80
    The only thing I don't agree with, as you can see, is people using m$ as their freaking firewall/router. Stupid stupid stupid.
    It's not something that I condone either... then again I don't always condone the MS Firewall... but people do it... for better or worse they do it...

    Great Example:

    You go away to college/university... You've got a desktop and a laptop to take to class... Only 1 network jack in your dorm though... Network Policy says no Routers/Switches/Hubs... What do you do... Spoof the MAC Address so it doesn't look like linksys... then what if they do OS detection with nmap and determine what it is...(Not that you know any of this) you just know if they catch you with a router you lose your internet.. So you plug in your desktop.. pay the geek down the hall 20 bucks to setup ICS and away you go plugging your laptop into your desktop... (I saw this scenerio when I was working at the college)... Not that routers were checked for with those active measures... but a lot of students had ICS... many also had it because their parents had a computer and they bought theres.. when they go home for 4 months in the summer they share the connection... There are plenty of scenerios that geeks don't consider...

    So take that same student... they pay to have it setup... the geek also gives them a User account to run with instead of Administrator (much more common in the colleges than you'd think.. .consider I thought I'd see 0%)... So you download malware... you have ics sharing with your laptop... the malware can't spread because of our firewall.. but if it uses this malformed DNS packet it can kill the firewall and spread away...

    I'm not saying these are common or likely... but I have seen them.. and they do exist... Full Disclosure and informing the community means taking into account everyone.. even the lowest common denominator...

    Just because I don't like Fords and I don't think many people drive escorts these days... should I not inform people that their Escort will explode if they drive for 10KM at under 25KM/hour...

    Not arguing (since there's nothing to argue in this thread) just pointing out some ideas and thoughts on it..

  9. #19
    Senior Member
    Join Date
    Oct 2001
    Posts
    748
    Ahh.. seems that some people are calling this publicity seeking FUD...

    http://www.theregister.com/2006/11/0..._exploit_hype/

  10. #20
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    How people treat you is their karma- how you react is yours-Wayne Dyer

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •