
Preventing Distributed Denial-of-Service Attacks that Use the Universal Plug-and-Play Service

Posted on 15-12-2004 - Windows XP - 0 comments


The information in this article applies to:

  • Microsoft Windows XP Home Edition
  • Microsoft Windows XP Professional Edition
  • Microsoft Windows Millennium Edition
  • Microsoft Windows 98 Second Edition
  • Microsoft Windows 98 Standard Edition

This article was previously published as NL315056
IMPORTANT: This article contains information about editing the registry. Before you edit the registry, make sure you understand how to restore it if a problem occurs. For information about how to do this, view the "Restoring the Registry" Help topic in Regedit.exe or the "Restoring a Registry Key" Help topic in Regedt32.exe.

Summary


The patch that is provided in Microsoft Security Bulletin MS01-059 introduces new functionality to limit the ability of a Universal Plug and Play-capable computer to be used in distributed denial-of-service attacks. The purpose of this article is to list the new functions and describe how to use them most effectively.

NOTE: The information in this article applies to Windows 98-based and Windows 98 Second Edition-based computers if the Internet Connection Sharing client from Windows XP has been installed.

More information

WARNING: Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.


For information about how to edit the registry, view the "Changing Keys and Values" Help topic in Registry Editor (Regedit.exe) or the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe. Note that you should back up the registry before you edit it. If you are running Windows NT or Windows 2000, you should also update your Emergency Repair Disk (ERD).

Regulating Device Description Downloads Based on Network Scope


The patch introduces the ability to limit the lengths to which the Universal Plug and Play (UPnP) service can go to download a device description. An administrator can use this functionality to cause a patched computer to attempt to download a device description only if it resides in a predetermined locality on the network. To enable this functionality:
  1. Start Registry Editor (Regedt32.exe).
  2. Locate and click the following key in the registry:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\UPnP Control Point

  3. On the Edit menu, click Add Value, and then add the following registry value:

    Value name: DownloadScope

    Data type: REG_DWORD

    Value data:

    0 - on the same subnet
    1 - same subnet or at a private address
    2 - same subnet or at a private address or within 4 hops
    3 - anywhere

  4. Quit Registry Editor.

If the target is beyond the configured scope, a download is not attempted. By default (no registry value set), Windows only downloads device descriptions from hosts on the same subnet or in the private network.

Regulating Device Description Downloads Based on Router Hops


You can use an existing capability to limit where the UPnP service will download device descriptions, based on the number of router hops. To alter this setting (which operates independently of the UPnP Control Point setting):
  1. Start Registry Editor (Regedt32.exe).
  2. Locate and click the following key in the registry:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SSDPSRV\Parameters

  3. On the Edit menu, click Add Value, and then add the following registry value:

    Value name: TTL

    Data type: REG_DWORD

    Value data: maximum number of router hops between the computer and the device description host

  4. Quit Registry Editor.

If the target is separated from the local computer by more than the specified number of router hops, a download is not attempted. By default (no registry value set), the UPnP service traverses a maximum of 4 router hops in pursuit of a device description.

Port Restrictions for Device Description Downloads


The patch introduces restrictions on the ports that can be specified for downloading device descriptions. Patched computers do not attempt to download device descriptions from any port under 1024, except for port 80.
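The three controls described above (the DownloadScope value, the independent SSDPSRV TTL hop limit, and the port rule) combined into one decision function. This is an added example, not Microsoft's implementation; the local interface address and the router hop count to the target are assumed to be supplied by the caller, and "private address" is taken to mean the RFC 1918 ranges.

```python
"""Decision model for the MS01-059 device-description download controls.
Added example, not Microsoft's code: DownloadScope (UPnP Control Point key),
the SSDPSRV TTL hop limit and the port rule are combined as the article
describes them. Hop count and local interface are assumed caller inputs."""
import ipaddress

DEFAULT_SCOPE = 1   # no DownloadScope value: same subnet or private network
DEFAULT_TTL = 4     # no TTL value: at most 4 router hops
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def port_allowed(port):
    """Ports below 1024 are refused, except port 80."""
    return port == 80 or port >= 1024


def in_download_scope(scope, same_subnet, private, hops):
    """DownloadScope semantics, values 0..3 as listed in the article."""
    if scope == 0:
        return same_subnet
    if scope == 1:
        return same_subnet or private
    if scope == 2:
        return same_subnet or private or hops <= 4
    if scope == 3:
        return True
    raise ValueError("DownloadScope must be 0, 1, 2 or 3")


def download_attempted(local_if, target_ip, port, hops,
                       download_scope=None, ttl=None):
    """Return (attempted, reason) for a description URL at target_ip:port.
    local_if is the local interface in CIDR form, e.g. "192.168.1.10/24".
    download_scope=None and ttl=None model the registry value being absent."""
    scope = DEFAULT_SCOPE if download_scope is None else download_scope
    max_hops = DEFAULT_TTL if ttl is None else ttl
    local_net = ipaddress.ip_interface(local_if).network
    target = ipaddress.ip_address(target_ip)
    same_subnet = target in local_net
    private = any(target in net for net in RFC1918)
    if not port_allowed(port):
        return False, "port below 1024 (not 80)"
    if not in_download_scope(scope, same_subnet, private, hops):
        return False, "outside DownloadScope %d" % scope
    # The TTL check is independent of DownloadScope and is applied as well
    if hops > max_hops:
        return False, "more than TTL=%d router hops" % max_hops
    return True, "allowed"
```

With the defaults, a public host two hops away is refused; setting DownloadScope to 2 admits it, while DownloadScope 3 with a target six hops away is still stopped by the default TTL of 4.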

Delay Mechanism


The patch also includes a non-configurable delay mechanism that prevents a computer from repeatedly and continuously attempting to download a device description, particularly if the host is on a remote network.


When you start a new download, a patched computer consults two tables. The first provides a maximum delay that is based on the number of failed download attempts from the current host, and whether the host is located on the local network or on an external one. The more failures, and the farther away the host is located, the longer the maximum delay, up to a limit of 4 minutes. The second table provides a maximum delay that is based on the number of downloads already in progress. The more ongoing downloads, the longer the maximum delay, up to a limit of one minute.


The system sums the two delay values that are derived from the tables, and generates a random number between zero and the sum. It then delays that many seconds before attempting the download.
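A simulation of the delay mechanism just described, added here as an example and not Microsoft's code. The article states only the shape of the two tables and their caps (4 minutes and 1 minute), so the table contents below are constructed values; the simulation shows how the delay grows as a remote host keeps failing.

```python
"""Simulation of the MS01-059 delay mechanism (added example, not
Microsoft's code). The article gives only the shape of the two tables and
their caps (4 minutes, 1 minute); the table contents here are constructed."""
import random

# Table 1: maximum delay in seconds by failed attempts against this host,
# one row for hosts on the local network and one for external hosts.
FAILURE_TABLE = {
    False: [0, 5, 15, 30, 60, 120],     # local host (constructed values)
    True: [0, 15, 45, 90, 180, 240],    # external host (constructed values)
}
FAILURE_CAP = 4 * 60     # article: limit of 4 minutes
# Table 2: maximum delay in seconds by downloads already in progress.
IN_PROGRESS_TABLE = [0, 5, 10, 20, 40, 60]   # constructed values
IN_PROGRESS_CAP = 60     # article: limit of one minute


def lookup(table, index, cap):
    """Index into a table, holding the last entry for larger indexes."""
    return min(table[min(index, len(table) - 1)], cap)


def max_delay(failures, external, in_progress):
    """Sum of the two table values: the upper bound of the random delay."""
    return (lookup(FAILURE_TABLE[external], failures, FAILURE_CAP)
            + lookup(IN_PROGRESS_TABLE, in_progress, IN_PROGRESS_CAP))


def pick_delay(failures, external, in_progress, rng=random):
    """Random whole number of seconds between zero and the summed maximum."""
    return rng.randint(0, max_delay(failures, external, in_progress))


def simulate_retries(attempts, external, in_progress=0, rng=random):
    """Total seconds a patched host would wait across `attempts` downloads
    from one host when every attempt fails (the failure count grows by one
    each time). Pass an object with a randint() method to make it deterministic."""
    total = 0
    for failures in range(attempts):
        total += pick_delay(failures, external, in_progress, rng)
    return total
```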

Microsoft Security Bulletin MS01-059


To view this security bulletin, please view the following Microsoft Web site: http://www.microsoft.com/technet/security/bulletin/MS01-059.asp


Linked tags

Download, Patch, Update, Windows 2000, Windows 98, Windows 98 Second Edition, Windows ME, Windows NT, Windows XP

Comments
No comments have been posted yet.

