News Glossary of Terms FAQs Polls Cool Links SpeedGuide Teams SG Premium Services SG Gear Store
Registry Tweaks Broadband Tools Downloads/Patches Broadband Hardware SG Ports Database Security Default Passwords User Stories
Broadband Routers Wireless Firewalls / VPNs Software Hardware User Reviews
Broadband Security Editorials General User Articles Quick Reference
Broadband Forums General Discussions
Advertising Awards Link to us Server Statistics Helping SG About
The Broadband Guide
SG
search advanced
 Username:
 Password:
Register
 forgot your password?

IRDP Security Vulnerability in Windows

2003.03.29 16:04 by Philip


The ICMP Router Discovery Protocol (IRDP, RFC 1256) comes enabled by default on DHCP clients that are running MS Windows9x, Windows ME and Windows2000 machines. Using router discovery, clients dynamically discover routers and can switch to backup routers if a network failure or administrative change is needed. However, by spoofing IRDP Router advertisements, a potential attacker can remotely add default route entries on a remote system. The default route entry added by the attacker will be preferred over the default route obtained from the DHCP server on Windows 9x/ME systems. The problem is not in IRDP itself, but rather that MS platforms use it even when DHCP is enabled and the DHCP setup specifies router information. To disable this vulnerability, you need to add the following entry to the Registry. This is intended for advanced users, please backup your Registry before making any changes.

 

Windows 9x / ME:

HKEY_LOCAL_MACHINESystemCurrentControlSetServicesClassNetTrans00n (Where "000n" is your TCP/IP protocol. It contains "TCP/IP" assigned to the "DriverDesc" Value)
PerformRouterDiscovery="0" (DWORD value)

Note: Although according to Microsoft's documentation the value should be DWORD, they have moved to string values for most TCP/IP related Registry entries in Windows 98, so the documentation on the value type could be wrong.

 

Windows 2000:

HKLMSYSTEMCurrentControlSetServicesTcpipParametersInterfacesinterface
PerformRouterDiscovery="0" (REG_DWORD, range 0,1,2, 0=disabled, 1=enabled, 2=enable only if DHCP sends the router discover option)

Note: IRDP support is disabled by default on NT4, and enabled on Windows 2000.

 

References:

Q216141 - How to disable IRDP in Windows 9x

  Post your review/comments
    rate:
   avg:
comment print discuss top

exec. time: 0.00974 s
Copyright © 1998-2014 Speed Guide, Inc. All rights reserved.
Terms of Use | Privacy Policy