Windows 2000 and Windows NT contain a flaw that may allow a malicious user to bypass firewalls and network perimiters to access internal computers and networks. The issue is triggered when IP forwarding is enabled on computers which are not configured as firewalls or routers and are positioned outside the network perimeter. This flaw may lead to a loss of Confidentiality.
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s):
Disable IP forwarding:
From the Windows Start menu, select Settings, Control Panel, Network.
Click the Protocols tab.
Select TCP/IP Protocol from the list of network protocols.
Click the Routing tab.
Clear the Enable IP Forwarding check box.
Click OK twice to apply changes.
- OR -
Disable this function remotely by opening the registry on the remote host and locating the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters key. Set the IPEnableRouter value to zero. A reboot will be necessary for the changes to take effect.