IGMP attacks
Recently there has been an upsurge in IGMP (Internet Group Management Protocol) attacks. I have put together some information I have found regarding this subject.
It is important that, if you do have a firewall or nukenabber program running, you block port 123 (this is the time port). This is the port that IGMP seems to exploit (from my tests, that is, anyway), and the protocol seems to be read as UDP by some firewalls.
SYMPTOMS
When a computer running Windows 95 or Windows 98 receives a fragmented Internet Group Management Protocol (IGMP) packet, the computer's performance may degrade or the computer may stop responding (hang) and require a reboot to restore functionality. Computers running Windows NT 4.0 are also affected by this issue, but other system components prevent any performance degradation.
CAUSE
A fragmented IGMP packet may cause the TCP/IP stack to improperly gain access to invalid segments of the computer's memory.
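The condition described under CAUSE can be checked for in captured traffic. The following is an added example, not part of the original page or of Microsoft's fix: it parses raw IPv4 headers and flags any datagram that is IGMP (IP protocol number 2) and is a fragment (more-fragments bit set or non-zero fragment offset). The function names and the sample packets are constructed for illustration.

```python
import socket
import struct

IPPROTO_IGMP = 2      # IANA-assigned IP protocol number for IGMP
MF_FLAG = 0x2000      # "more fragments" bit in the flags/fragment-offset field
OFFSET_MASK = 0x1FFF  # 13-bit fragment offset, counted in 8-byte units


def parse_ipv4(packet):
    """Return (proto, more_fragments, offset_bytes, src, dst), or None if not IPv4."""
    if len(packet) < 20:
        return None
    ver_ihl, _, _, _, flags_off, _, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", packet[:20])
    if ver_ihl >> 4 != 4 or (ver_ihl & 0x0F) < 5:
        return None
    return (proto, bool(flags_off & MF_FLAG), (flags_off & OFFSET_MASK) * 8,
            socket.inet_ntoa(src), socket.inet_ntoa(dst))


def is_fragmented_igmp(packet):
    """True when the datagram is IGMP and is any fragment (first, middle or last)."""
    hdr = parse_ipv4(packet)
    if hdr is None:
        return False
    proto, more, offset, _, _ = hdr
    return proto == IPPROTO_IGMP and (more or offset > 0)


def alerts(packets):
    """Return (src, dst, offset_bytes) for every fragmented IGMP datagram seen."""
    hits = []
    for p in packets:
        if is_fragmented_igmp(p):
            _, _, offset, src, dst = parse_ipv4(p)
            hits.append((src, dst, offset))
    return hits


def sample_header(proto, flags_off):
    """Constructed IPv4 header for the demo (documentation addresses, checksum 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 1, flags_off, 64, proto, 0,
                       socket.inet_aton("192.0.2.1"), socket.inet_aton("192.0.2.2")) + bytes(8)


# Constructed samples: whole IGMP, first and last IGMP fragments, fragmented UDP.
SAMPLES = [sample_header(2, 0x0000), sample_header(2, 0x2000),
           sample_header(2, 0x00B9), sample_header(17, 0x2000)]

if __name__ == "__main__":
    for src, dst, off in alerts(SAMPLES):
        print(f"fragmented IGMP {src} -> {dst} at offset {off}")
```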
RESOLUTION
This patch is now available on the Windows Update Web site. NOTE: If Dial-Up Networking Update version 1.3 for Windows 95 is not installed, you will not be able to view this fix.
Windows NT
Windows NT Workstation 4.0; Windows NT Server 4.0; Windows NT Server, Enterprise Edition: A supported fix that corrects this problem is now available from Microsoft, but it has not been fully regression tested and should be applied only to systems experiencing this specific problem. If you are not severely affected by this specific problem, Microsoft recommends that you wait for the next Windows NT 4.0 service pack that contains this fix. To resolve this problem immediately, contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information on support costs, please go to the following address on the World Wide Web: http://www.microsoft.com/support/supportnet/overview/overview.asp
The hotfix is available as Igmpfixi.exe and Igmpfixa.exe.
Terminal Server
Windows NT Server 4.0, Terminal Server Edition: A supported fix that corrects this problem is now available from Microsoft, but it has not been fully regression tested and should be applied only to systems experiencing this specific problem. If you are not severely affected by this specific problem, Microsoft recommends that you wait for the next Windows NT 4.0, Terminal Server Edition, service pack that contains this fix. To resolve this problem immediately, contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information on support costs, please go to the following address on the World Wide Web: http://www.microsoft.com/support/supportnet/overview/overview.asp
This hotfix has been posted to the following Internet location as Igmpfixi and Igmpfixa.exe: ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40TSE/hotfixes-postSP4/IGMP-fix/
Windows 98
This hotfix has been posted to the following Internet location as 3304up98.exe (Windows 98) and 3304upse.exe (Windows 98 Second Edition): http://www.microsoft.com/windows98/downloads/corporate.asp
Windows 95
This hotfix has been posted to the following Internet location as 3304up95.exe (Windows 95, all versions): http://www.microsoft.com/windows95/downloads/ NOTE: For Windows 95, this update requires Dial-Up Networking 1.3 (see our bug fixes page).