Security Basics mailing list archives
Re: Kerio Personal Firewall
From: flur <flur () flurnet org>
Date: Wed, 20 Nov 2002 04:05:36 -0500
This is more a technicality than a security problem, but I foresee it causing problems. Adding rules requires a password, but allowing and denying individual connections does not. I don't understand the logic. I've tested this on version 2.1.4.
KPF determines applications by path and filename; when applications are changed, it notices the MD5 checksum difference and reports it. Clicking yes gives your application permission to transmit to any IP and any port, because the admin probably created the rule using defaults. You can use the client component of KPF to view all applications listening and connected, src/dest IPs & ports, etc.
In conclusion, I'd like to recommend Kerio either remove the password protection altogether or fix the defaults to detect hosts, or at least port to restrict the potential damage and require a password to execute binaries with changed MD5s (ideally the admin should be able to override this check for certain binaries). Also make it ask for a password when connections are made where rules don't exist.
PS: Is this material worthy of bugtraq or a vendor report?

At 12:41 PM 11/18/2002 -0600, you wrote:
Hello list,

I am trying to configure Kerio Personal Firewall and this firewall allows me to specify explicitly which service is allowed inbound/outbound connection through either TCP/UDP including the exact port numbers and IP range to respond to.

My question is: Is there a software/utility that will tell me exactly which service/application is currently listening on exactly which TCP/UDP port number? "netstat -a" only lists the active listening ports but doesn't tell me which service/application is listening on that port for incoming packets. I would like to "lock down" the server as much as possible by specifying exactly which port and service a connection is allowed.

Thanks in advance.

Regards,
chchin
____________________ __ _ ~FluRDoInG flur () flurnet org http://www.flurnet.org KEY ID 0x8C2C37C4 (pgp.mit.edu) RSA-CAST 2048/2048 1876 B762 F909 91EB 0C02 C06B 83FF E6C5 8C2C 37C4
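
An added example, not part of the original thread or of Kerio's software: one way to answer the quoted question of which application owns each listening port, by joining the output of `netstat -ano` with `tasklist /fo csv /nh`. It assumes a Windows version whose `netstat` supports `-o` and which ships `tasklist`; the sample output and the function names are constructed for illustration.

```python
import csv
import io

# Constructed sample of `netstat -ano` output (not taken from the thread).
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:1042      203.0.113.5:80         ESTABLISHED     1520
  TCP    [::]:135               [::]:0                 LISTENING       888
  UDP    0.0.0.0:500            *:*                                    696
"""

# Constructed sample of `tasklist /fo csv /nh` output.
TASKLIST_SAMPLE = '''\
"System","4","Services","0","236 K"
"lsass.exe","696","Services","0","1,024 K"
"svchost.exe","888","Services","0","3,412 K"
"iexplore.exe","1520","Console","1","18,200 K"
'''

def parse_tasklist(text):
    """Map PID -> image name from CSV tasklist output."""
    rows = csv.reader(io.StringIO(text))
    return {int(r[1]): r[0] for r in rows if len(r) >= 2 and r[1].isdigit()}

def listening_sockets(netstat_text, tasklist_text):
    """Return sorted (proto, address, port, pid, image) for listening sockets."""
    images = parse_tasklist(tasklist_text)
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header, or blank line
        proto, local, pid = fields[0], fields[1], fields[-1]
        # TCP rows carry a State column; UDP rows have none and are simply bound.
        if proto == "TCP" and fields[3] != "LISTENING":
            continue
        if not pid.isdigit():
            continue
        addr, port = local.rsplit(":", 1)  # rsplit keeps bracketed IPv6 intact
        image = images.get(int(pid), "<unknown>")
        found.append((proto, addr, int(port), int(pid), image))
    return sorted(found, key=lambda r: (r[0], r[2], r[1]))

if __name__ == "__main__":
    for proto, addr, port, pid, image in listening_sockets(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print(f"{proto:<4}{addr}:{port:<6} pid={pid:<5} {image}")
```

A PID that resolves to `<unknown>` means the process exited between the two commands or the task list was captured without sufficient privilege, and is worth rechecking before writing a firewall rule for that port.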