logo Home

Untitled Document

Home > Archives Advisories > Articles


Untitled Document

Untitled Document

UDP bypassing in Kerio Firewall
Date: 2003-04-22

Author : David F. Madrid <conde0@telefonica.net>

Issue : UDP bypassing in Kerio Firewall

Affected product : Kerio Firewall 2.1.4 ( last build in his website )

Vendor status : vendor was contacted months ago

Tested Enviroment : switched LAN

Description :

Kerio develops a free firewall thats ships with default rules . Every
incoming / outgoing packet is compared against the default ruleset . As
the first rule accepts incoming packets if remote port is equal to 53 (
DNS ) the firewall can be easily bypassed just setting the source port of
the attack to 53
Exploit : nmap -v -P0 -sU -p 1900 192.168.0.5 -g 53

Recomendations : set a rule to restrict the local ports to a range of
1024-5000 for DNS connections



 

arrowSearch Advisories

arrowNewsletter

Free weekly Newsletter.

Please enter your email address here:
arrowReport Vulnerability

If you've found a vulnerability please
click here to report it.
arrowPartners

newsnow

About Us | Contact Us | Advertise | email | Backend flag
Copyright © 2016-2017 Security Corporation - All Rights Reserved - Legal - Privacy Policy