ZDNet UK


Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007
  1. Home
  2. News
  3. Blogs
  4. Reviews
  5. Prices
  6. Resources
  7. Community
  8. My ZDNet

 

ZDNet UK RSS Feeds


IT Jobs

Become a ZDNet.co.uk member

Resources Downloads

Download Now

Windows Me Malformed IPX NMPI Packet Vulnerability Patch


License Free
Requirements None
Downloads 166 Limitations None
Publisher Microsoft File Size 216k
Date added 13 Oct 2000 Check your speed

Report a broken link

This patch eliminates a security vulnerability that could cause an affected system to fail, and depending on the number of affected machines on a network, potentially could be used to flood the network with superfluous data. The affected system component is normally present only if it has been deliberately installed.

The Microsoft IPX/SPX protocol implementation (NWLink) includes an NMPI (Name Management Protocol on IPX) listener that will reply to any requesting network address. The NMPI listener software does not filter the requesting computer's network address correctly, and will therefore reply to a network broadcast address. Such a reply would in turn cause other IPX NMPI listener programs to also reply. This sequence of broadcast replies could generate a large amount of unnecessary network traffic. A machine that crashed due to this vulnerability could be put back into service by rebooting.

IPX is not installed by default in Windows 98, 98 Second Edition, or Windows Me, and is only installed by default in Windows 95 if there is a network card present in the machine at installation time. Even when IPX is installed, a malicious user's ability to exploit this vulnerability would depend on whether they could deliver a malformed NMPI packet to an affected machine. Routers frequently are configured to drop IPX packets, and if such a router lay between the malicious user and an affected machine, they could not attack it. Routers on the Internet, as a rule, do not forward IPX packets, and this would tend to protect intranets from outside attack, as well as protecting machines connected to the Internet via dial-up connections. As discussed in the FAQ, the most likely scenario in which this vulnerability could be exploited would be one in which a malicious user on an intranet would attack affected machines on the same intranet, or one in which a malicious user on the Internet attacked affected machines on their cable modem or DSL subnet. Read the ""Malformed IPX NMPI Packet"" Vulnerability FAQ.

Download Now

Did you find this download useful?
4 out of 9 users found this download useful


People who downloaded this software also downloaded...

SolidShare 2.6.11

Connect anyone on your network to the Internet with one ISP account and one modem.

More info +

Download


SpyWall Anti-Spyware 1.4.3.1

Remove spyware and keep them out with a browser sandbox.

More info +

Download


n-Pass2Go 2.7.0.465

Store and manage your passwords and encrypted data on any removable device.

More info +

Download


Anonymity Gateway 2.5

Mask your real IP while surfing and erase traces of online activity.

More info +

Download


ItsCryptic 1

Protect files confidential to you or your business by encrypting them.

More info +

Download


Watch N Catch 1.0

Protect your assets with an IP-based video surveillance system.

More info +

Download


EasyCryptor 1

Encrypt and decrypt any files and send results to your e-mail address.

More info +

Download


Child Computer Lock 1.6

Protect your privacy by locking your computer.

More info +

Download


Safe AutoLogon 1.5.93

Save Windows account information encrypted in AES/Triple-DES and log on automatically.

More info +

Download


Signed Sealed & Delivered 1.1.4

Put your confidential information in a secure encrypted vault for transfer over the Web.

More info +

Download



Download

Embarcadero Power SQL

Embarcadero PowerSQL simplifies SQL development for application developers with many features for improving productivity and reducing errors.

  • Downloads: 4,192
  • Requirements:
  • License: Vendor registration required
  • Publisher: Embarcadero
  • Size: 0

Download Now

More In Security management


Sentry Posts Blog

Should a security professional have a...

My own experience and talking to colleagues has prompted me to wonder whether the day has arrived that security professionals will need a legal background. The information security... More

1 comment

Transys comment speculation

I've been pondering why it's so difficult to get any official comment out of any of the organisations involved when it comes to what is happening with Transys. Transys is the consortium... More

Post a comment

Wallet Phones Are Coming:Visa Should J...

Wallet Phones Are Coming:Visa Should Jump On Board Author: Eric Everson, Founder MyMobiSafe.com I have touched on the subject of wallet phones (a mobile handset capable of eliminating... More

Post a comment

Featured Talkback

It seems to me this is a burden being placed on the wrong shoulders. There is not an It system in the world that can stop an individual taking information in their heads and spewing out at the nearest undesirable third party.

By: RonaldWilkins

Read full story:
Deloitte: People are still weakest security link

DOWNLOAD

Security Essentials

Security Downloads

There are masses of security suites out there for small businesses. Here's a selection to get you started

Editor’s Rating
1 Norton 360™
2 AVG Anti-Virus Free Edition Rating: 10
3 PC Tools AntiVirus Free Edition
4 Kaspersky Internet Security

See All Software

In association with Symantec