Re: Flaw caused by default rulesets in many desktop firewalls under windows

[Christian decoder Holler <christian_holler () web de>]

In-Reply-To: <20020510184415.6881.qmail () mail securityfocus com>

Only as an addition:

Tiny personal firewall for example allows ANY communication 
on port 53 UDP outbound, it does not even check if that is 
really a DNS request. This is a big security hole that 
should be fixed immediatly.

Note: I also saw that some default settings of ZoneAlarm 
have DNS requests enabled or they enable them while using 
ZA. I have not tested my trojan with ZA yet, so I dont know 
if ZA checks if those requests are valid DNS requests, but 
there is a possibility that the hole also affects this 
firewall. If anyone finds out if other firewalls are 
vulnerable, I would be happy to hear about that.
To test that, simply write a program that connects to 
another computer in your network on UDP 53 where you listen 
with netcat for example and send a string. If the firewall 
doesnt alert this connection, then it is vulnerable.

cu

Chris (decoder)