Fix DHCP Security Flaw

Posted On 2007-05-03 by FortyPoundHead
Keywords: Fix DHCP Security Flaw (Windows 9x)
Views: 1473

The ICMP Router Discovery Protocol (IRDP) comes enabled by default on DHCP clients that are running Microsoft WIndows 9x/2000 machines. By spoofing IRDP Router Advertisements, an attacker can remotely add default route entries on a remote system.
For full details of this vulnerabilty see the L0pht advisory.
Open your registry and find the key below. Where #### is the binding for TCP/IP. More than one TCP/IP binding may exist.
For each number (eg. 0001) open the key and create a new DWORD value called 'PerformRouterDiscovery' and set the value to equal '0'.
Exit Windows and Restart.

Key: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Class\NetTrans\####]
Value Name: PerformRouterDiscovery
Data Type: REG_DWORD
Data: (0 = disable, 1 = enable)

More Info:

About the Author

has posted a total of 1974 articles.

Comments On This Post

No comments on this post yet!

Do you have a thought relating to this post? You can post your comment here. If you have an unrelated question, you can use the Q&A section to ask it.

Or you can drop a note to the administrators if you're not sure where you should post.

Your IP address is:

Before you can post, you need to prove you are human. If you log in, this test goes away.

Code Links