
Kaspersky Anti-Hacker DoS vulnerability
Date: 2003-03-20

Author : Bojan Zdrnja - Bojan.Zdrnja@LSS.hr

Product: Kaspersky Anti-Hacker
Version: 1.0
Website: http://www.kaspersky.com/buyonline.html?info=967571

1. Introduction

Kaspersky Anti-Hacker is a Kaspersky Lab personal firewall product. Like other
products in this category, Kaspersky Anti-Hacker allows the creation of packet
and application filtering rules.

Among other things, Kaspersky Anti-Hacker includes a very simple Intrusion
Detection System. This IDS module is automatically activated when the product
is installed. The IDS is capable of detecting only 7 attacks, including port
scanning and SYN/UDP flooding. Together with the IDS, the firewall can also
actively block detected attacks. This option (which is turned on by default)
makes DoS attacks on remote users running Kaspersky Anti-Hacker very easy.

2. Exploit

If active blocking is turned on, upon detection of a known attack, Kaspersky
Anti-Hacker will block *ALL* traffic to the source IP address detected in the
attack. By sending spoofed packets to a remote machine running Kaspersky
Anti-Hacker, an attacker can easily deny legitimate traffic to any IP address.

Example with hping2:

# hping -S -i u1 -s +1025 -p +21 <victims_IP_address> -w 3072 -a \

Kaspersky Anti-Hacker will report this attack as a SYN flood and will
automatically block all traffic to spoofed_IP_address.

The same thing can be accomplished with nmap's decoy option:

# nmap -sS -P0 -D<spoofed_IP_address> <victims_IP_address>

This time Kaspersky Anti-Hacker will detect a port scanning attack and
automatically block all traffic to spoofed_IP_address.

3. Solution

Disable the Assaulter blocking time option. Kaspersky Anti-Hacker will still
report possible attacks and the user can stop them manually.
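
The design issue behind this advisory, shown as an added example (not code
from the advisory or from Kaspersky): an auto-block decision keyed on a source
address that was never verified, next to a policy that only alerts in that
case. The Detection record, the handshake_done flag, the allowlist and all
addresses are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Detection:          # hypothetical IDS event, constructed for this example
    src: str              # source address as read from the packet header
    kind: str             # label assigned by the IDS, e.g. "syn_flood"
    handshake_done: bool  # True only if a full TCP handshake was seen from src

# Constructed allowlist: peers the host cannot afford to lose (gateway, DNS).
NEVER_BLOCK = [ipaddress.ip_network(n) for n in ("192.0.2.1/32", "192.0.2.53/32")]

def naive_policy(d):
    """Behaviour described in the advisory: block whatever source the packet claims."""
    return "block"

def hardened_policy(d):
    """Block only sources that cannot have been forged; otherwise alert only."""
    addr = ipaddress.ip_address(d.src)
    if any(addr in net for net in NEVER_BLOCK):
        return "alert"    # critical peers are never auto-blocked
    if not d.handshake_done:
        return "alert"    # header-only evidence: the source may be spoofed
    return "block"

def apply(policy, detections):
    """Return the set of addresses a policy would cut off."""
    return {d.src for d in detections if policy(d) == "block"}

# Constructed sample events (documentation address ranges).
SAMPLE = [
    Detection("192.0.2.53", "syn_flood", False),     # claims to be the DNS server
    Detection("198.51.100.7", "port_scan", False),   # SYN scan, no handshake seen
    Detection("203.0.113.9", "session_abuse", True), # established session, real peer
]

if __name__ == "__main__":
    print("naive   :", sorted(apply(naive_policy, SAMPLE)))
    print("hardened:", sorted(apply(hardened_policy, SAMPLE)))
```

SYN floods and SYN scans never complete a handshake, so under the second policy
they are reported but not blocked, which matches the workaround above.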

4. Vendor

Vendor notified, no response received.

Best regards,

Bojan Zdrnja


Copyright © 2016-2017 Security Corporation - All Rights Reserved - Legal - Privacy Policy