Flaw caused by default rulesets in many desktop firewalls under Windows

From: Christian decoder Holler (christian_holler@web.de)
Date: 05/10/02

Date: 10 May 2002 18:44:15 -0000
From: Christian decoder Holler <christian_holler@web.de>
To: bugtraq@securityfocus.com


Several desktop firewalls for Windows, such as Tiny
Personal Firewall 2.0 or ATGuard, and maybe others, allow
DNS resolving by default. That allows reverse trojans to
connect to a server on port 53 and send/receive commands
and information without the user knowing it. The firewall
permits any communication to any server on port 53 UDP. I
wrote a small trojan in VB and tested it with Tiny Personal
Firewall 2.0 and it worked.

Solution: Change the default rules for DNS to a fixed host,
for example to the DNS server of the ISP or the DNS server
in the local network.
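The two policies the post contrasts, the default "UDP/53 to any host" rule and the suggested "UDP/53 to a fixed resolver only" rule, can be modelled and checked side by side. The following is an added example, not code from the post or from any of the firewall products named; it uses a first-match rule evaluator of the kind personal firewalls typically implement, and all addresses and log lines are constructed (RFC 5737 documentation ranges). `APPROVED_RESOLVERS` stands in for the ISP and LAN DNS servers the post recommends pinning the rule to.

```python
"""Model the weak default DNS rule and the fixed one, then audit UDP/53 flows.

All addresses and log lines are constructed for illustration; nothing here is
taken from a real product's configuration.
"""
import re
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    proto: str          # "udp" or "tcp"
    remote_port: int    # destination port the rule matches
    remote_nets: tuple  # ip_network objects; empty tuple means "any host"
    action: str         # "allow" or "deny"


@dataclass(frozen=True)
class Conn:
    proto: str
    dst_ip: str
    dst_port: int


def evaluate(rules, conn, default="deny"):
    """First-match evaluation; unmatched traffic gets the default verdict."""
    ip = ip_address(conn.dst_ip)
    for rule in rules:
        if rule.proto != conn.proto or rule.remote_port != conn.dst_port:
            continue
        if rule.remote_nets and not any(ip in net for net in rule.remote_nets):
            continue
        return rule.action
    return default


# The weak default the post describes: UDP/53 allowed to *any* remote host.
WEAK_DNS_RULES = (Rule("udp", 53, (), "allow"),)

# The suggested fix: UDP/53 only to the ISP resolver and the LAN resolver
# (both addresses are assumed), everything else on UDP/53 explicitly denied.
APPROVED_RESOLVERS = (ip_network("192.0.2.53/32"), ip_network("192.168.1.1/32"))
FIXED_DNS_RULES = (
    Rule("udp", 53, APPROVED_RESOLVERS, "allow"),
    Rule("udp", 53, (), "deny"),
)


def audit_policy(rules, conns):
    """Return {destination ip: verdict} for each attempted connection."""
    return {c.dst_ip: evaluate(rules, c) for c in conns}


# Constructed connection-log format: "<date> <time> <PROTO> src -> dst:port VERDICT"
LOG_RE = re.compile(
    r"(?P<proto>UDP|TCP) \S+ -> (?P<ip>[\d.]+):(?P<port>\d+) (?P<verdict>ALLOW|DROP)"
)


def unexpected_dns_peers(log_lines, approved=APPROVED_RESOLVERS):
    """Flag allowed UDP/53 flows whose destination is not an approved resolver."""
    hits = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m or m["proto"] != "UDP" or int(m["port"]) != 53:
            continue
        if m["verdict"] != "ALLOW":
            continue
        if not any(ip_address(m["ip"]) in net for net in approved):
            hits.append(m["ip"])
    return hits


# Constructed sample: one legitimate lookup to the LAN resolver and one
# connection to an arbitrary Internet host on UDP/53, the path the post's
# trojan relies on.
SAMPLE_CONNS = (Conn("udp", "192.168.1.1", 53), Conn("udp", "198.51.100.9", 53))

SAMPLE_LOG = [
    "2002-05-10 18:44:15 UDP 192.168.1.7:1034 -> 192.168.1.1:53 ALLOW",
    "2002-05-10 18:44:16 UDP 192.168.1.7:1035 -> 198.51.100.9:53 ALLOW",
    "2002-05-10 18:44:17 TCP 192.168.1.7:1036 -> 198.51.100.9:80 ALLOW",
]

if __name__ == "__main__":
    print("weak policy :", audit_policy(WEAK_DNS_RULES, SAMPLE_CONNS))
    print("fixed policy:", audit_policy(FIXED_DNS_RULES, SAMPLE_CONNS))
    print("unexpected UDP/53 peers in log:", unexpected_dns_peers(SAMPLE_LOG))
```

Under the weak policy both connections are allowed, which is exactly what lets a program talk to an arbitrary host on port 53; under the fixed policy only the approved resolver is reachable. The log check is the complementary view: it constrains which hosts may be reached on UDP/53 only, and says nothing about the content of queries sent to the approved resolver, so reviewing the firewall's own log for allowed UDP/53 flows to unapproved peers is a cheap way to verify that the rule change actually took effect.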

Chris (decoder)
