public inbox for gentoo-dev@lists.gentoo.org
 help / color / mirror / Atom feed
* [gentoo-dev] Security Vulnerabilities related to a Windows Environment?
@ 2002-05-27 18:00 Allix Primus
  2002-05-27 19:00 ` Kim Nielsen
  0 siblings, 1 reply; 2+ messages in thread
From: Allix Primus @ 2002-05-27 18:00 UTC (permalink / raw
  To: gentoo-dev

I'm not quite sure if this is the correct venue to ask this question but 
here goes.

I've been using Gentoo for a few months as our office's linux distribution 
to perform various security audits.

While reading through page 17 of the 28 page Gentoo Linux Security Guide, I 
noticed a lot of information pertaining to patching numerous holes in the 
operating system through /proc. These vulnerabilities range from source 
routed packets, to ICP redirect acceptance. After searching through quite a 
few google pages, I didn't find any Windows specific content on these 
topics.

Are these security vulnerabilities only restricted to linux or can these be 
changed on Windows systems as well?

Any help or links would be greatly appreciated.

Thanks,

Al

linuxboy18@msn.com

_________________________________________________________________
Join the world’s largest e-mail service with MSN Hotmail. 
http://www.hotmail.com



^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [gentoo-dev] Security Vulnerabilities related to a Windows Environment?
  2002-05-27 18:00 [gentoo-dev] Security Vulnerabilities related to a Windows Environment? Allix Primus
@ 2002-05-27 19:00 ` Kim Nielsen
  0 siblings, 0 replies; 2+ messages in thread
From: Kim Nielsen @ 2002-05-27 19:00 UTC (permalink / raw
  To: gentoo-dev

On Mon, 2002-05-27 at 20:00, Allix Primus wrote:
> 
> While reading through page 17 of the 28 page Gentoo Linux Security Guide, I 
> noticed a lot of information pertaining to patching numerous holes in the 
> operating system through /proc. These vulnerabilities range from source 
> routed packets, to ICP redirect acceptance. After searching through quite a 
> few google pages, I didn't find any Windows specific content on these 
> topics.

Windows has some of the same problems. Only windows does not support
features like acting as a router per default.

ICMP packets are dangerous no matter what OS you are using. The process
of altering values in /proc is to harden the system and avoid DoS
attacks or even helping others to make a DoS attack.

The trick of altering a route is also know for windows machines and can
probably be disabled. But per default any M$ machine will respond to a
broadcast. And a windows machine will not per default drop strange hand
crafted packets.

> Are these security vulnerabilities only restricted to linux or can these be 
> changed on Windows systems as well?
No .. the problem still exists .. but most people don't use windows as a
router, they use a real router. But Linux can act as a router or a
bridge and that is why you need some extra features turned off if you do
not use them.

Windows users normally rely on a personal firewall or a router in front
of the server for filtering the right packets. But a router does not
filter all ICMP packet correct or cannot filter then because some
cracker tools use ICMP as a tunnel for other traffic. This tunnel can be
used to send normal IP traffic without a firewall seeing it.

> Any help or links would be greatly appreciated.
> 
I hope this helped you and I'm sorry that I was not able to give you any
links for windows but I haven't used a windows machine for any security
project in a lot of years.

Best regards
Kim
-- 
I'm the face that stares at you from the shadows.
                        http://www.insecurity.dk



^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2002-05-27 19:08 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2002-05-27 18:00 [gentoo-dev] Security Vulnerabilities related to a Windows Environment? Allix Primus
2002-05-27 19:00 ` Kim Nielsen

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox