JSI Tip 1070. Malicious users may discover your network topology, if your computer responds to Address Mask requests.
Jerold Schulman
February 11, 1999
1 Min Read
RFC 1122, section 3.2.2.9: A system MUST NOT send an Address Mask Reply unless it is an authoritative agent for address masks. An authoritative agent may be a host or a gateway, but it MUST be explicitly configured as an address mask agent. ...
Prior to SP4, Windows NT responded to Address Mask requests.
Upgrade to SP4.
If you wish your computer to be an Address Mask agent, navigate to:
HKEY_LOCAL_MACHINESystemCurrentControlSetServicesTcpipParameters
Add Value name EnableAddrMaskReply as a type REG_DWORD.A value of 0 is the default and prevents responses to Address Mask requests.A value of 1 allows responses.
About the Author
Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
You May Also Like