[ previous ] [ next ] [ threads ]
 
 From:  "Chris Buechler" <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Win.DHCP.client.buffer-overflow.exploit
 Date:  Mon, 24 Jul 2006 10:09:56 -0400
>
> does anyone know what is going on with m0n0wall DHCP Server that my
> Kaspersky Anti-Hacker is coming with alert ?
>

Bad Kaspersky signatures no doubt.

The mentioned subject line sounds like a relativley new signature for
an exploit of a recent vulnerability in Windows 2000 DHCP clients.
Bad AV and other security software signatures are becoming more and
more common.  m0n0wall certainly isn't doing anything that would
trigger a legit alert.

If you're using a bridged interface, where DHCP packets can enter from
the Internet, or are plugged in outside the firewall exposed to the
Internet, then that alert might be true but has nothing to do with
m0n0wall.

-Chris