A serious problem in the Windows, SunOS, and Solaris operating systems can leave your computer prone to snooping - not by Big Brother, but by Little Brother: hackers. That could mean hackers knowing where you're surfing, as well as the usual man-in-the-middle and denial-of-service attacks.
That's the alarm raised in a report from a company whose expertise includes hacking and computer security. The report says most large internal computer networks and broadband cable modem computer users are at the greatest risk.
L0pht says the flaws allow hackers to spoof the ICMP router discovery protocol (IRDP) and remotely add default route entries on a remote system. "The default route entry added by the (hacker) will be preferred over the default route obtained" from computer networks or broadband cable modem users, the company says.
In other words, an unauthorized user can cut off outgoing information, potentially modify un- or lightly-encrypted information, or even deny service to the network or the broadband connection.
"In essence," says ZDNet News, which monitors the computer world and cyberspace, "another computer on the same network can be used to change the default path that packets (of information) take out to the Internet. By placing the address of their own server in the system, an attacker can look at all the outgoing packets of information."
The dangerous aspect, L0pht says, is that various Windows and even some Sun platforms enable and trust the protocol even when router information is specified: the operating system believes the hacker's spoofed messages even though the user may think he's telling it otherwise.
The company suggests Microsoft's Windows and Sun's SunOS and Solaris systems have been vulnerable to this kind of hacking for a long time.
L0pht says denial-of-service attacks by way of this kind of spoof can be extremely severe.
In passive monitoring by this spoof, an attacker can use the switched environment to reroute outbound information traffic of vulnerable systems through himself, letting him monitor or even record one side of the conversation.
For this to work, though, the attacker must be on the same network as the intended victim.
The man-in-the-middle attack takes passive monitoring to the next level, the company says: the attacker modifies outgoing traffic, acting as a "proxy" between the intended victim and the host. The victim thinks he's connected directly to the end host, but is actually connected to the attacker, who is connected to the end host and feeding information through…at his choice.