Flaw caused by default rulesets in many desktop firewalls under windows

From: Christian decoder Holler (christian_hollerat_private)
Date: Fri May 10 2002 - 11:44:15 PDT

    
Several desktop firewalls for Windows, such as Tiny
Personal Firewall 2.0 or ATGuard, maybe also others, allow
DNS resolving by default. That allows reverse trojans to
connect to a server on port 53 and send/receive commands
and information without the user knowing it. The firewall
permits any communication to any server on port 53 UDP. I
wrote a small trojan in VB and tested it with Tiny Personal
Firewall 2.0 and it worked.
    
Solution: Change the default rules for DNS to a fixed host,
for example to the DNS server of the ISP or the DNS server
in the local network.

cu
Chris (decoder)
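
The following is an added example, not part of the original post and not code from any of the firewall products named in it. It models the two rule shapes the post contrasts: the weak default ("any host on UDP/53") and a rule pinned to a fixed set of resolvers, as the solution suggests. It replays a few constructed outbound-connection log lines through both rules and reports the flows that only the weak rule would have let out. The log format, the process names and the resolver addresses (documentation-range placeholders standing in for the ISP's resolver and a resolver on the local network) are all assumptions for the example.

```python
"""Added example (not from the original post): compare a desktop firewall's
permissive "any host, UDP/53" DNS rule with one pinned to known resolvers,
by replaying constructed outbound-connection log lines through both."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One outbound connection attempt as a firewall might log it."""
    proto: str       # "udp" or "tcp"
    dst_ip: str
    dst_port: int
    process: str


@dataclass(frozen=True)
class DnsRule:
    """Outbound DNS rule. An empty resolver set models the weak default
    ('any server on UDP/53'); a non-empty set pins DNS to those hosts."""
    allowed_resolvers: frozenset

    def permits(self, flow: Flow) -> bool:
        if flow.proto != "udp" or flow.dst_port != 53:
            return False          # not DNS traffic; other rules decide
        if not self.allowed_resolvers:
            return True           # weak default: any host on UDP/53
        return flow.dst_ip in self.allowed_resolvers


# Weak default as described in the post: any host, UDP port 53.
WEAK_DEFAULT = DnsRule(frozenset())
# Hardened rule: only the resolvers the machine should ever talk to.
# Assumed placeholder addresses (documentation ranges), standing in for the
# ISP's resolver and a resolver on the local network.
PINNED = DnsRule(frozenset({"192.0.2.53", "198.51.100.53"}))

# Constructed sample log: "<date> <time> OUT <proto> <dst_ip>:<dst_port> <process>".
SAMPLE_LOG = """\
2002-05-10 11:44:15 OUT udp 192.0.2.53:53 svchost.exe
2002-05-10 11:44:16 OUT udp 203.0.113.7:53 update.exe
2002-05-10 11:44:17 OUT tcp 203.0.113.7:80 iexplore.exe
2002-05-10 11:44:18 OUT udp 198.51.100.53:53 svchost.exe
2002-05-10 11:44:19 OUT udp 203.0.113.9:53 update.exe
"""


def parse_log(text: str) -> list:
    """Parse the constructed log format above into Flow records."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6 or parts[2] != "OUT":
            continue                              # skip blanks / unknown lines
        ip, port = parts[4].rsplit(":", 1)
        flows.append(Flow(parts[3], ip, int(port), parts[5]))
    return flows


def flows_permitted_only_by_weak_rule(flows, weak=WEAK_DEFAULT, strict=PINNED) -> list:
    """Flows the weak rule would let out that the pinned rule would block:
    exactly the UDP/53 traffic to arbitrary hosts the post warns about."""
    return [f for f in flows if weak.permits(f) and not strict.permits(f)]


def main() -> None:
    flows = parse_log(SAMPLE_LOG)
    for f in flows_permitted_only_by_weak_rule(flows):
        print(f"blocked by pinned rule only: {f.process} -> "
              f"{f.dst_ip}:{f.dst_port}/{f.proto}")


if __name__ == "__main__":
    main()
```

Run as a script, it lists the two `update.exe` flows to non-resolver hosts on UDP/53; the `svchost.exe` lookups to the pinned resolvers pass both rules, and the TCP/80 flow is not DNS traffic and is left to other rules. Pinning the rule to the resolvers you actually use is the whole change; the same check can be run against a real firewall log once the parser is adapted to its format.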
    



    This archive was generated by hypermail 2b30 : Fri May 10 2002 - 19:12:10 PDT