|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[Full-Disclosure] UDP bypassing in Kerio Firewall 2.1.4
From: David F. Madrid (conde0
telefonica.net)
Date: Tue Apr 22 2003 - 09:57:50 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Issue : UDP bypassing in Kerio Firewall
Affected product : Kerio Firewall 2.1.4 ( last build in his website )
Vendor status : vendor was contacted months ago
Tested Enviroment : switched LAN
Description :
Kerio develops a free firewall thats ships with default rules . Every
incoming / outgoing packet is compared against the default ruleset . As
the first rule accepts incoming packets if remote port is equal to 53 (
DNS ) the firewall can be easily bypassed just setting the source port of
the attack to 53
Exploit : nmap -v -P0 -sU -p 1900 192.168.0.5 -g 53
Recomendations : set a rule to restrict the local ports to a range of
1024-5000 for DNS connections
--
Regards ,
David F. Madrid
Madrid , Spain
www.nautopia.org
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]