bug with appletalk uninstallation

From: Matice (matice@RIVERSTREAMS.COM)
Date: 01/28/02


Date:         Mon, 28 Jan 2002 01:21:04 -0800
From: Matice <matice@RIVERSTREAMS.COM>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

Hello
i found an interesting bug/feature in windows 2000 server

if you have the network card disconnected from the rest of the network and
uninstall apple protocol, the system would inform you that it has successfully
uninstalled the protocol, but in fact it did not remove it (at least totally)

after rebooting the system a couple of times i looked into the event logs and
found records of the system having successfully registered the server with appletalk
(same whether i had the network cable connected or not)

i looked into the network card properties and found out tha tthe appletalk binding
was still there and i had to uninstall it from there, after that i didnt get the event
records anymore,

what bothers me is why the system not able to uninstall protocols even if the
network interface is down ( this can be a security breach for example if you
asume that by removing appletalk protocol youve secured your servers from macs
and you do that while the interface is down and then connect it later and only
to find out at some point that macs still access the system!! i havent been able
to verify that cause i didnt have macs present in the network when i came across this)

microsoft could add a feature option of being able to select whether the the network interface
should be down if there isnt a cable connection,

regards
Matice,

oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Delivery co-sponsored by Qualys - Make Your Network Secure
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Go Beyond PARTIAL Security: FREE White Paper

Stop hassling with half-baked ENTERPRISE SECURITY.
FREE White Paper shows you how to ensure TOTAL security for your Internet
perimeter with the most current and most complete PROACTIVE Vulnerability
Assessment solution. Get your FREE White Paper now. Click here!
https://www.qualys.com/forms/techwhite_86.html
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo



Relevant Pages

  • Re: Why is Listener Next to From in Firewall Rules? Building a Custom RPC Protocol....
    ... the ISA 2004 help file specifically discusses server publishing with a ... routed network and how its behavior is different than with NAT, ... If I configure a custom RPC Protocol for an outbound connection, ...
    (microsoft.public.isa)
  • Auto-update protocol
    ... The protocol can't be spoofed by "unfriendlies". ... Minimize unnecessary network traffic as well as ... load on the server (the goal is for the user *not* ... the fingerprint (why not just do a bytewise compare ...
    (comp.arch.embedded)
  • Re: Auto-update protocol
    ... The protocol can't be spoofed by "unfriendlies". ... Minimize unnecessary network traffic as well as ... load on the server (the goal is for the user *not* ... the fingerprint (why not just do a bytewise compare ...
    (comp.arch.embedded)
  • Re: New XP home PC, added NWLink protocol, server claims same name
    ... adding a protocol successfully should not depend on finding any other PC on ... Still can't enable NWLink to provide server services. ... with the same NWLink network settings. ... included NWLink protocol to the new XP machine, ...
    (microsoft.public.windowsxp.network_web)
  • Re: New VPN Server Setup and Failed Connections
    ... the PPP control protocol for this network protocol is not ... available on the server. ... the TCP/IP protocol is selected in the Server Settings of the Network ...
    (microsoft.public.win2000.ras_routing)