lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <200402260508.i1Q58cio020420@caligula.anu.edu.au>
From: avalon at caligula.anu.edu.au (Darren Reed)
Subject: Windows SP2 firewall: Famous for 3 seconds?

In some mail from Sebastian Niehaus, sie said:
> 
> [...]
> 
> | What existing functionality is changing in Service Pack?2 for Windows
> | XP?
> | 
> | 
> | Enhanced multicast and broadcast support
> | 
> | Detailed description
> | 
> | Multicast and broadcast network traffic differ from unicast traffic
> | because the response comes from an unknown host. As such, stateful
> | filtering prevents the response from being accepted. This stops a
> | number of scenarios from working, ranging from streaming media to
> | discovery.
> | 
> | 
> | To enable these scenarios, Windows Firewall will allow a unicast
> | response for 3?seconds from any source address on the same port from
> | which the multicast or broadcast traffic originated.
> 
> Sounds like a broken concept, as always. Eh?

Not necessarily.  Details are always in the implementation (and I think
that description is likely worded wrongly.)

This has much bigger significance for IPv6 where ARP messages have been
replaced with ICMPv6 messages.

Darren


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ