Windows ICS Attack Can Bring Down Firewall

Aron Schatz
October 31, 2006

Page All:

Page 1
This is not that big of a deal for most people, but if you are running internet connection sharing it may be. Move to a router.


The code, which was posted on the Internet early Sunday morning, could be used to disable the Windows Firewall on a fully patched Windows XP PC that was running Windows' Internet Connection Service (ICS). This service allows Windows users to essentially turn their PC into a router and share their Internet connection with other computers on the local area network (LAN.) It is typically used by home and small-business users. The attacker could send a malicious data packet to another PC using ICS that would cause the service to terminate. Because this service is connected to the Windows firewall, this packet would also cause the firewall to stop working, said Tyler Reguly, a research engineer at nCircle Network Security Inc., who has blogged about the issue.


Medium Image View Large