Re: [Full-Disclosure] Windows SP2 firewall: Famous for 3 seconds?

From: Darren Reed (avalon_at_caligula.anu.edu.au)
Date: 02/26/04

  • Next message: randall perry: "Re: [Full-Disclosure] Need help in performing a remote vulnerability scan" 
    To: killedbythoughts@mindcrime.net (Sebastian Niehaus)
Date: Thu, 26 Feb 2004 16:08:37 +1100 (Australia/ACT)

    In some mail from Sebastian Niehaus, sie said:
    >
    > [...]
    >
    > | What existing functionality is changing in Service Pack 2 for Windows
    > | XP?
    > |
    > |
    > | Enhanced multicast and broadcast support
    > |
    > | Detailed description
    > |
    > | Multicast and broadcast network traffic differ from unicast traffic
    > | because the response comes from an unknown host. As such, stateful
    > | filtering prevents the response from being accepted. This stops a
    > | number of scenarios from working, ranging from streaming media to
    > | discovery.
    > |
    > |
    > | To enable these scenarios, Windows Firewall will allow a unicast
    > | response for 3 seconds from any source address on the same port from
    > | which the multicast or broadcast traffic originated.
    >
    > Sounds like a broken concept, as always. Eh?

    Not necessarily. Details are always in the implementation (and I think
    that description is likely worded wrongly.)

    This has much bigger significance for IPv6 where ARP messages have been
    replaced with ICMPv6 messages.

    Darren

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

  • Next message: randall perry: "Re: [Full-Disclosure] Need help in performing a remote vulnerability scan"

    Relevant Pages

    • Wireless LAN unter Gentoo Linux auf Acer Aspire 3022
      ... UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 ... eth1 Link encap:UNSPEC HWaddr ... Date format: Timestamp ...
      (de.comp.os.unix.linux.hardware)
    • Re: Multicast MAC and Unicast IP Address
      ... I am interested in knowing what the rules are because up to now everybody just told me that it is a strange way to use multicast but some also said that it is illegal. ... When a host sends a datagram to a link-layer broadcast address, the IP destination address MUST be a legal IP broadcast or IP multicast address. ... I believe that the use of a multicast MAC address to send a unicast IP packet to a group of devices (e.g., a cluster) is a perfectly correct use of link-layer multicast, assuming that the cluster software knows how to deal with the fact that multiple devices are receiving the same IP datagram. ...
      (comp.dcom.lans.ethernet)
    • Re: vb6.0 udp multicast problem
      ... I use winsock withUDPfor ... broadcast in a mixed Windows / Irix environment. ... Keep in mind that the UNIX box is broadcasting multicast and ... Me.udpServer.RemoteHost = udpRemoteHost ...
      (microsoft.public.vb.general.discussion)
    • Re: When does Linux drop UDP packets?
      ... On Fri, 5 Jun 2009, Alexander Clouter wrote: ... It's dead easy to transmit and receive multicast traffic, ... By using broadcast traffic the load (okay, ... discovering that multicast can be used for device discovery rather than ...
      (Linux-Kernel)
    • Re: is there a way for a client to detect a server on the network
      ... >> broadcast over the network to discover availlable servers and the ... >> user could then select the server he prefers. ... > .NET remoting does not provide service discovery nor service dictionary, so> you need to do it yourself. ... >> network however this would take hours as it is far to slow> Ever heard about IP broadcast or multicast? ...
      (microsoft.public.dotnet.framework.remoting)