[Full-Disclosure] Re: UDP bypassing in Kerio Firewall 2.1.4

From: L. Walker (k_aneda_at_yahoo.com)
Date: 05/08/03

  • Next message: Ron DuFresne: "Re: [Full-Disclosure] Hotmail & Passport (.NET Accounts)" 
    To: conde0@telefonica.net
Date: Thu, 08 May 2003 18:43:37 +1000

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Hey there David...

    Concerning the Kerio Firewall "bug" you posted to full-disclosure,
    its
    more of a ruleset issue than a actual bug in the firewall itself.

    If you want an example, search through for a bug in Norton Internet
    Security, where you were able to do scans with specific TCP flags
    set..

    Nice of you to post though :)

    - --
    L. Walker
    BOFH Excuse #385: Dyslexics retyping hosts file on servers
    - --
    If one wants to be a policeman, one must learn how to be a thief.
    - --
    That's why we spend so much time trying to understand our own
    motivations
    and those of others. That's what makes life so interesting.
       Kaji, Evangelion Ep 18
    - --

    -----BEGIN PGP SIGNATURE-----
    Version: PGPfreeware 7.0.3

    iQA/AwUBProYtwSerGmLjhS4EQJhjwCeK2KtdoYLDYqiVOtRY2IEO5D1RHIAnRnN
    usby1kQVbNiK0pIsnH1tNOG+
    =UQF1
    -----END PGP SIGNATURE-----

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

  • Next message: Ron DuFresne: "Re: [Full-Disclosure] Hotmail & Passport (.NET Accounts)"

    Relevant Pages

    • Re: [Full-disclosure] Filezillas silent caching of users credentials
      ... There has even been a bug filed that draws out great ways to psudo-mitigate ... "Whoever keeps closing this issue and/or dismissing its importance ... Full-Disclosure - We believe in it. ... and/or attachments to it are strictly prohibited. ...
      (Full-Disclosure)
    • Re: [Full-disclosure] Filezillas silent caching of users credentials
      ... at a detailed threat analysis. ... Take the apache.org xss bug that got ... [Full-disclosure] Filezilla's silent caching of user's ... In fact, given the current state of the security industry, I think I have ...
      (Full-Disclosure)
    • Re: [Full-disclosure] Facebook Attach EXE Vulnerability
      ... the bug hunting page (as with everywhere else, ... maintaining full-disclosure. ... Charter: http://lists.grok.org.uk/full-disclosure-charter.html ... Hosted and sponsored by Secunia - http://secunia.com/ ...
      (Full-Disclosure)
    • Re: [Full-disclosure] Facebook Attach EXE Vulnerability
      ... then to present it appropriately, full-disclosure or no disclosure, it ... security investment, is important, with some luck this wont take ... believe me thats where there is no shortage of spammers and such who ... it is in their interest to downplay your bug to the rest of the ...
      (Full-Disclosure)
    • Re: [Full-disclosure] Filezillas silent caching of users credentials
      ... There has even been a bug filed that draws out great ways to psudo-mitigate ... Full-Disclosure - We believe in it. ... Charter: http://lists.grok.org.uk/full-disclosure-charter.html ... Hosted and sponsored by Secunia - http://secunia.com/ ...
      (Full-Disclosure)