Full Disclosure mailing list archives
Kerio firewall possible fragmentation issue
From: "Curt Wilson" <netw3_security () hushmail com>
Date: Thu, 8 May 2003 23:08:31 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Since the Kerio personal firewall is being picked on these days, I thought I'd throw my two cents in. The firewall is free, so perhaps this is a case of "you get what you pay for". Still, one expects firewall software to perform at a certain level. In any case I found a potential issue, but I'm unable to reproduce it - I didn't fully document all of the conditions that were required for the issue to present itself (duh). Basically, I was running the Kerio personal firewall on a Win2K pro box. Firewall rules were in place to allow certain RFC1918 addresses access to certain ports. All other source IP's were supposed to be dropped. An nmap scan from the Internet through fragrouter indicated that the ports were open. I checked my results at the time, and only those ports that should have allowed local LAN access were reported as open. I may have used nmap's fragmentation options, but for some reason I got distracted and did not document the exact conditions and cannot reproduce. This could be some type of fluke, but at the time it seemed lke a problem. At the very least, there could be a problem in the way Kerio handles packet fragmenation, posibly allowing fragmented exploits to walk right through in certain cases. I realize this is vague. I've since ditched Kerio and have not bothered to follow up on this. I didn't really expect the fragrouter based attacks to really accomplish anything, but I guess there are still uses for the tool. Curt R. Wilson Netw3 Security www.netw3.com -----BEGIN PGP SIGNATURE----- Version: Hush 2.2 (Java) Note: This signature can be verified at https://www.hushtools.com/verify wmMEARECACMFAj67RPYcHG5ldHczX3NlY3VyaXR5QGh1c2htYWlsLmNvbQAKCRBGd/Yw aRH3K5hsAJ9KSh9UWCHv33mIAT+V/mQbamejXwCgvufU8xmjJJj38tGIHQCzLx3oNqc= =ku28 -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Kerio firewall possible fragmentation issue Curt Wilson (May 09)