Re: Patch for w98/igmp frag bug (alias kod) and ICMP-type 13

From: R a v e N (barakirsat_private)
Date: Sat Aug 28 1999 - 09:48:59 PDT

Next message: Krzysztof Anton: "Re: ProFTPD"

Previous message: Chris Butler: "Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Microsoft didn't release a working* patch against the IGMP headers attack
yet. It usually takes them a couple of months to release a patch against a
DoS attack.
I personally don't like the idea that even the dumbest script kiddie in
the world could DoS me when I use Windows to connect to the Internet and
run applications I don't have under Linux (I hate emulators and they hate
me. We never get along. lol).
Anyway, about that "downloader" you've mentioned: many products, whether
they are freeware or shareware, come as some kind of a "downloader". I
don't think Microsoft wants you to run this program in order to obtain
information about your computer. They have other ways...

* I said working because I saw some kind of an "experimental fix" (that's
how they called it) on M$'s website once. I tried it and it didn't work at
all (I tried all of the .c sources. kod.c, kox.c, fawx.c and that other
one, whatever it's name is. Some of them worked, some didn't. But the
point is that some of them worked.
I tried finding a URL for you guys on M$'s little webserver... no luck. It
seemed to have disappeared. So much for "experimental fixes"...

Roman Medina-Heigl Hernandez wrote:

> {Sorry if this is known... Aleph, feel free to discard this message.}
>
>  I've been looking for a M$ *w98* patch for these DoS bugs and I've
> found nothing. I visited M$ web, used the site' search engine (tried
> keywords like "kod", "igmp", etc), viewed w98 support section,
> security bulletins, ... with no success. :-(
>
>  M$ recommends a patch called "System Update" (included in Service
> Pack 1), although it says nothing about the related DoS. Same occurs
> with SP1 (for w98). Do they fix the problem? At least it seems not to
> be documented.
>
>  I also want to show my unconformity with M$ policy about w98 SP. You
> are forced to download an updater program in order to be able to
> download SP (the alternative method is paying some $$ for ordering a
> cd). Why do I need such a program? (I do not want to give the chance
> to send info about my machine to M$...). Most of w98 users are usually
> referred as dumb users, but I don't think they cannot use a patch in
> .exe form (like NT Service Packs). Don't you think so, Bill? ;-)
>
>  Yours, Román.
>
> ------ E.T.S. Ingenieros Telecomunicacion ---------
> ---\\     Roman Medina-Heigl Hernandez        //---
> ---//       E-Mail:  romanat_private          \\---
> ------- URL: http://www.esi.us.es/~roman ----------

--
It took the computing power of three Commodore 64 computers to fly to the
moon.
It takes a 486 66MHZ computer to run Windows 95. Anything wrong?

http://blacksun.jemix.com

Next message: Krzysztof Anton: "Re: ProFTPD"
Previous message: Chris Butler: "Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:59:41 PDT