The Broadband Guide
SG
search advanced

IRDP Security Vulnerability in Windows 9x

2003-03-29 (updated: 2019-05-22) by

The ICMP Router Discovery Protocol (IRDP, RFC 1256) comes enabled by default on DHCP clients that are running MS Windows 9x, Windows ME and Windows 2000 machines. Using router discovery, clients dynamically discover routers and can switch to backup routers if a network failure or administrative change is needed. However, by spoofing IRDP Router advertisements, a potential attacker can remotely add default route entries on a remote system. The default route entry added by the attacker will be preferred over the default route obtained from the DHCP server on Windows 9x/ME systems. The problem is not in IRDP itself, but rather that MS platforms use it even when DHCP is enabled and the DHCP setup specifies router information. To disable this vulnerability, you need to add the following entry to the Registry. This is intended for advanced users, please backup your Registry before making any changes.


Windows 9x / ME:

HKEY_LOCAL_MACHINESystemCurrentControlSetServicesClassNetTrans00n (Where "000n" is your TCP/IP protocol. It contains "TCP/IP" assigned to the "DriverDesc" Value)

PerformRouterDiscovery="0" (DWORD value) Note: Although according to Microsoft's documentation the value should be DWORD, they have moved to string values for most TCP/IP related Registry entries in Windows 98, so the documentation on the value type could be wrong.  


Windows 2000:

HKLMSYSTEMCurrentControlSetServicesTcpipParametersInterfacesinterface
PerformRouterDiscovery="0"
(REG_DWORD, range 0,1,2, 0=disabled, 1=enabled, 2=enable only if DHCP sends the router discover option)

Note: IRDP support is disabled by default on NT4, and enabled on Windows 2000.  


References:

MSKB 216141 - How to disable IRDP in Windows 9x


  Post your review/comments
    rate:
   avg:
News Glossary of Terms FAQs Polls Cool Links SpeedGuide Teams SG Premium Services SG Gear Store
Registry Tweaks Broadband Tools Downloads/Patches Broadband Hardware SG Ports Database Security Default Passwords User Stories
Broadband Routers Wireless Firewalls / VPNs Software Hardware User Reviews
Broadband Security Editorials General User Articles Quick Reference
Broadband Forums General Discussions
Advertising Awards Link to us Server Statistics Helping SG About