Fix DHCP Security Flaw

The ICMP Router Discovery Protocol (IRDP) comes enabled by default on DHCP clients that are running Microsoft WIndows 9x/2000 machines. By spoofing IRDP Router Advertisements, an attacker can remotely add default route entries on a remote system.
For full details of this vulnerabilty see the L0pht advisory.
Open your registry and find the key below. Where #### is the binding for TCP/IP. More than one TCP/IP binding may exist.
For each number (eg. 0001) open the key and create a new DWORD value called 'PerformRouterDiscovery' and set the value to equal '0'.
Exit Windows and Restart.

Key: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Class\NetTrans\####]
Value Name: PerformRouterDiscovery
Data Type: REG_DWORD
Data: (0 = disable, 1 = enable)

More Info: http://support.microsoft.com/support/kb/articles/q216/1/41.asp

About this post

Posted: 2007-05-03
By: FortyPoundHead
Viewed: 1,678 times

Categories

Attachments

No attachments for this post

Comments

No comments have been added for this post.

You must be logged in to make a comment.