Re: Kerio Personal Firewall DOS Vulnerability

[Jason Giglio <jgiglio () netmar com>]

I don't know if this is related, but I know WinRoute 2.x had hard coded built in connection throttling, even doing an 
nmap SYN scan from INSIDE the firewall would DoS yourself.  I don't know how much of the codebase is shared between the 
two products, but I'd expect they mostly are the same.  This has been an issue for a long time if this is indeed the 
same thing.


On Mon, 26 Aug 2002 21:59:22 +0800
"Abraham Lincoln" <sunninja () scientist com> wrote:
> Test bed:
>    [*Nix b0x with Synflooder] <===[10/100mbps switch===> [Host with KPF] 
>
>  1] DoS vulnerability with Kerio Personal Firewall 2.x.x Default Installation
>     - KPF is vulnerable with Synflood attack by sending minimum of 300 syn packets the target host will stop from 
> responding, 100% of  the CPU utilization will be consumed and eventually hangs-up the machine.
>
> 2] Setting the Personal firewall to High Security  and Block all services and Protocols. 
>     - It is quite similar to the first one but the personal firewall is configured to block all services and 
> protocols.  After sending a minimum of 500 syn packets from port 1-1024. The host will stop from responding, 100% of 
> the CPU utilization will be consumed.