Access to open udp ports with Sygate Pro 5.0

From: David Fernández Madrid (conde0@TELEFONICA.NET)
Date: 01/22/03

    Date:         Wed, 22 Jan 2003 20:35:50 +0100
    From: David Fernández Madrid <conde0@TELEFONICA.NET>
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    Issue: Full access to open udp ports with Sygate Pro 5.0

    Vendor status: vendor was contacted but got no response
    from them

    Description:

    Sygate Pro is a personal firewall that is very easy to configure. No rules
    are installed in a default configuration. A default installation pretends
    to be enough to block all accesses to your ports.

    By default, traffic from udp source port 137 or 138 is allowed by
    the firewall, so to bypass it you just have to set your source port
    to 137 or 138. Doing this, all packets addressed to an open udp port
    will be forwarded by the firewall.

    Attack:

    nmap -vv -P0 -sU 192.168.0.1 -g 137

    Recommendation:

    Set a rule to block all incoming udp traffic with source
    port 137 and 138

    Regards,

    David Fernandez Madrid,
    Madrid, Spain

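
A defender-side check for the condition this post describes, added here as an example; it is not part of the original message and is not Sygate code. It models the described default (source port 137/138 alone admits a packet) beside the recommended rule, and flags sources whose packets use source port 137/138 against non-NetBIOS destination ports. The packet records, the open-port set and all function names are constructed assumptions.

```python
from collections import namedtuple

NETBIOS_UDP = {137, 138}  # NetBIOS name service and datagram service

# Constructed inbound UDP records (not a real capture):
# source IP, source port, destination port.
Pkt = namedtuple("Pkt", "src sport dport")
SAMPLE = [
    Pkt("192.168.0.7", 137, 137),    # ordinary NetBIOS name traffic
    Pkt("192.168.0.7", 138, 138),    # ordinary NetBIOS datagram traffic
    Pkt("192.168.0.9", 137, 53),     # source port 137 aimed at another service
    Pkt("192.168.0.9", 137, 1900),
    Pkt("192.168.0.9", 138, 5000),
    Pkt("192.168.0.5", 40211, 53),   # ephemeral source port
]

def reaches_service(pkt, open_udp, block_netbios_source=False):
    """Model (an assumption, based only on the post's description) of the
    firewall decision: unsolicited inbound UDP is dropped unless its source
    port is 137/138. block_netbios_source=True applies the recommended rule."""
    if block_netbios_source or pkt.sport not in NETBIOS_UDP:
        return False
    return pkt.dport in open_udp

def exposed(packets, open_udp, block_netbios_source=False):
    """Packets that would be delivered to a listening UDP service."""
    return [p for p in packets
            if reaches_service(p, open_udp, block_netbios_source)]

def suspicious_sources(packets):
    """Map source IP -> sorted non-NetBIOS destination ports that were
    addressed from source port 137/138 (worth alerting on)."""
    hits = {}
    for p in packets:
        if p.sport in NETBIOS_UDP and p.dport not in NETBIOS_UDP:
            hits.setdefault(p.src, set()).add(p.dport)
    return {src: sorted(ports) for src, ports in hits.items()}

if __name__ == "__main__":
    open_udp = {53, 137}  # assumed listening UDP services on the protected host
    print("delivered, default config:  ", exposed(SAMPLE, open_udp))
    print("delivered, recommended rule:", exposed(SAMPLE, open_udp, True))
    print("sources to investigate:     ", suspicious_sources(SAMPLE))
```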