Vulnerability Development mailing list archives
Windows ME Default Multicast behavior - a potential for vulnerability?
From: Sam Stern <samstern () MAILANDNEWS COM>
Date: Wed, 6 Sep 2000 16:11:56 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 All, While testing a software firewall, I noticed an interesting series of transmissions from my Windows ME host: 2000/09/06 9:38:32 AM GMT -0400: Linksys LNE100TX ..[0003][Ref# 200451] Blocking outgoing UDP: src=<myip>, dst=239.255.255.250, sport=1028, dport=1900. <repeated 2x> I've got the host on a switch right now, so I don't have a packet dump for you all. A Quick check of the IANA Multi Cast Docs at http://www.isi.edu/in-notes/iana/assignments/multicast-addresses Shows that this call is under RFC 2365. 239.255.000.000-239.255.255.255 Site-Local Scope [Meyer,RFC2365] an examination of http://www.ietf.org/rfc/rfc2365.txt Yield the interesting paragraph " ... 10. Security Considerations It is recommended that organizations using the administratively scoped IP Multicast addresses not rely on them to prevent sensitive data from being transmitted outside the organization. Should a multicast router on an administrative boundary be mis-configured, have a bug in the administrative scoping code, or have other problems that would cause that router to forward an administratively scoped IP multicast packet outside of the proper scope, the organizations data would leave its intended transmission region. ... " I'm curious: Can this default behavior yield a realistic potential for system compromise especially in a local loop scenario such as a cable modem system? Yours, Sam Stern, Bethesda, MD, USA PGP ID:0x949342F9 mailto:samstern () mailandnews com -----BEGIN PGP SIGNATURE----- Version: PGP 6.5.3 Comment: A Digitally ensures unaltered message content iQA/AwUBObalCLBCInuUk0L5EQIuIwCg/ouC93ezTROw6oB94ZyLPQqf7cIAnjPy UqN93SWgYkrIDyvXjIKlCtp1 =wSbW -----END PGP SIGNATURE-----
Current thread:
- Windows ME Default Multicast behavior - a potential for vulnerability? Sam Stern (Sep 06)