Bugtraq mailing list archives
Re: Flaw caused by default rulesets in many desktop firewalls under windows
From: Christian decoder Holler <christian_holler () web de>
Date: 11 May 2002 14:43:23 -0000
In-Reply-To: <20020510184415.6881.qmail () mail securityfocus com> Only as an addition: Tiny personal firewall for example allows ANY communication on port 53 UDP outbound, it does not even check if that is really a DNS request. This is a big security hole that should be fixed immediatly. Note: I also saw that some default settings of ZoneAlarm have DNS requests enabled or they enable them while using ZA. I have not tested my trojan with ZA yet, so I dont know if ZA checks if those requests are valid DNS requests, but there is a possibility that the hole also affects this firewall. If anyone finds out if other firewalls are vulnerable, I would be happy to hear about that. To test that, simply write a program that connects to another computer in your network on UDP 53 where you listen with netcat for example and send a string. If the firewall doesnt alert this connection, then it is vulnerable. cu Chris (decoder)
Current thread:
- Re: Flaw caused by default rulesets in many desktop firewalls under windows Christian decoder Holler (May 11)