Select Page

A bit of flurry about an exploit available in Internet Connection Sharing (ICS).  Basically, this exploit allows an attacker to shut down the Windows Firewall.

While any exploit is something to be concerned about, this one is not a big deal and is not worthy of mass panic.  George Ou writes on this issue here, worth reading.  

To distill the problem, first ask yourself:  Do you even use Internet Connection Sharing?  

If you’re like most people, you don’t.  In fact, Internet Connection Sharing is something most people don’t even know about — it’s a little-used feature that Microsoft has been shipping since Windows 98 that allows one computer’s internet connection to be shared by others.

Maybe it’s used in third world countries, where one dial up connection is shared by others (while some poor fellow gets the job of having to bicycle to keep the generator going). But ICS is just not part of any current network topology.  And for those who share a DSL or cable modem through ICS — let me give you a word of advice.  If you can afford the $50 per month for your service, then pay even half that amount for a cheap firewall/router.  Really.

Second, if you do use Internet Connection Sharing, realize that this exploit only affects you from the inside of your LAN.  Yes, folks, this is not something where you have to go to a website and get hacked.  It is exploited from within. 

Reguly at nCircle, the fellow who is chatty about this particular exploit, has recommended a solution that might not be the best course of action — disabling ICS (which will kill the Windows firewall, not the approach I would be the most sanguine about) and blocking port 53.  [Update — I have to correct myself — it’s true that if you kill the Firewall/ICS service, you kill your Windows firewall.  But as the nCircle folks point out, you can simply disable ICS and keep the firewall going, mitigating this exploit. More here.]

You want the solution?  Follow Secunia’s advice: “Use another way of sharing the Internet connection”.  Yup, like a cheap router/firewall (unless you’re still stuck on the bicycle generator).

Alex Eckelberry
(Hat tip to George Ou.)

UPDATE:  More here at nCircle on disabling ICS.

Fatal error: Uncaught wfWAFStorageFileException: Unable to save temporary file for atomic writing. in /home/eckelberry1966/public_html/sunbeltblog/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/storage/file.php:34 Stack trace: #0 /home/eckelberry1966/public_html/sunbeltblog/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/storage/file.php(658): wfWAFStorageFile::atomicFilePutContents('/home/eckelberr...', '<?php exit('Acc...') #1 [internal function]: wfWAFStorageFile->saveConfig('livewaf') #2 {main} thrown in /home/eckelberry1966/public_html/sunbeltblog/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/storage/file.php on line 34