[unisog] Correction: XP SP2 ports open to local subnet
flynngn at jmu.edu
Thu Jun 10 10:18:28 GMT 2004
David Wagner wrote:
>How does it tell whether the connection is from the same subnet?
>Presumably by source IP address? But the source IP address is easily
>spoofable for udp ports. This is making me wonder whether there may
>be a risk of a remote exploit against 137/udp or 138/udp using forged
>source IP addresses, despite the firewall and the attempt to restrict
>access to the local subnet. Does this sound right? Can anyone shed
>any more light on this?
1) There is a vulnerability (defect, susceptibility to traffic flood,
misconfiguration, etc) in the service listening on those ports and
2) Anti-spoofing filters in the network don't prevent packets from
outside the subnet
with a source address of the subnet from entering the network.
More information about the unisog