JSI Tip 1070. Malicious users may discover your network topology if your computer responds to Address Mask requests.


RFC 1122, section 3.2.2.9: 

   A system MUST NOT send an Address Mask Reply unless it is an
   authoritative agent for address masks. An authoritative agent
   may be a host or a gateway, but it MUST be explicitly configured
   as an address mask agent. ...

Prior to SP4, Windows NT responded to Address Mask requests.

Upgrade to SP4.

If you wish your computer to be an Address Mask agent, navigate to:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters

Add the value name EnableAddrMaskReply as type REG_DWORD. A value of 0 is the default and prevents responses to Address Mask requests. A value of 1 allows responses.
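To confirm that only explicitly configured agents answer, a captured packet set can be checked for Address Mask Replies from any other host. The following is an added example, not part of the original tip: the function names, the sample packets (built from documentation addresses) and the agent list are constructed for illustration, and the ICMP type numbers 17 (request) and 18 (reply) come from RFC 950.

```python
import ipaddress
import struct

ICMP_MASK_REQUEST, ICMP_MASK_REPLY = 17, 18  # ICMP types from RFC 950

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum (one's-complement sum of 16-bit words)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_mask_packet(icmp_type, src, dst, mask="0.0.0.0"):
    """Build a constructed IPv4 + ICMP address mask message for the demo."""
    body = struct.pack("!HH4s", 1, 1, ipaddress.IPv4Address(mask).packed)
    csum = inet_checksum(struct.pack("!BBH", icmp_type, 0, 0) + body)
    icmp = struct.pack("!BBH", icmp_type, 0, csum) + body
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    hdr = hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]
    return hdr + icmp

def unauthorized_mask_replies(packets, authorized_agents):
    """Return (source, mask) for valid Address Mask Replies from non-agents."""
    allowed = {ipaddress.IPv4Address(a) for a in authorized_agents}
    findings = []
    for pkt in packets:
        if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 1:
            continue  # not IPv4 or not ICMP
        ihl = (pkt[0] & 0x0F) * 4
        total_len = struct.unpack("!H", pkt[2:4])[0]
        icmp = pkt[ihl:total_len]
        if ihl < 20 or len(icmp) < 12 or icmp[0] != ICMP_MASK_REPLY or inet_checksum(icmp):
            continue  # truncated, not an Address Mask Reply, or bad checksum
        src = ipaddress.IPv4Address(pkt[12:16])
        if src not in allowed:
            findings.append((str(src), str(ipaddress.IPv4Address(icmp[8:12]))))
    return findings

# Constructed sample capture (RFC 5737 documentation addresses).
SAMPLE = [
    build_mask_packet(ICMP_MASK_REQUEST, "192.0.2.50", "192.0.2.255"),
    build_mask_packet(ICMP_MASK_REPLY, "192.0.2.1", "192.0.2.50", "255.255.255.0"),
    build_mask_packet(ICMP_MASK_REPLY, "192.0.2.77", "192.0.2.50", "255.255.255.0"),
]
print(unauthorized_mask_replies(SAMPLE, ["192.0.2.1"]))
```

A host that appears in the output is answering Address Mask requests without being listed as an agent; on Windows NT that points to a pre-SP4 system or to EnableAddrMaskReply set to 1.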
