A denial of service vulnerability exists within the Internet Connection Sharing (ICS) service in Microsoft Windows XP. This vulnerability allows a LAN-side attacker to send a specially crafted DNS request to a vulnerable host in order to cause a denial of service for the ICS service, which also includes the Windows Firewall service, potentially fostering further exploitation when the firewall is taken offline.
Windows XP SP2 and prior
BeyondTrust Prevention and Detection:
BeyondTrust's Retina® Network Security Scanner scans devices to detect this vulnerability.
- 5590 - Internet Connection Sharing DoS
The only form of mitigation for this vulnerability is to deny service to the Internet Connection Sharing service by disabling the service, or to block UDP/53 on the host running ICS.