Flaw caused by default rulesets in many desktop firewalls under windows

[Christian decoder Holler <christian_holler () web de>]

Several Desktop-Firewalls for Windows, such as Tiny 
Personal Firewall 2.0 or ATGuard, maybe also others, allow 
DNS resolving by default. That allows reversed trojans to 
connect to a server on port 53 and send/receive commands 
and informations without the user knowing it. The firewall 
permits any communication to any server on port 53 UDP. I 
wrote a small trojan in VB and tested it with Tiny Personal 
Firewall 2.0 and it worked.

Solution: Change the default rules for DNS to a fixed host, 
for example to the DNS server of the ISP or the DNS server 
in the local network.

cu
Chris (decoder)