Flaw caused by default rulesets in many desktop firewalls under windows
From: Christian decoder Holler (christian_holler@web.de)Date: 05/10/02
- Previous message: bugzilla@redhat.com: "[RHSA-2002:081-06] perl-Digest-MD5 UTF8 bug results in incorrect MD5 sums"
- Next in thread: Frank Knobbe: "Re: Flaw caused by default rulesets in many desktop firewalls under windows"
- Reply: Frank Knobbe: "Re: Flaw caused by default rulesets in many desktop firewalls under windows"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 10 May 2002 18:44:15 -0000 From: Christian decoder Holler <christian_holler@web.de> To: bugtraq@securityfocus.com('binary' encoding is not supported, stored as-is)
Several Desktop-Firewalls for Windows, such as Tiny
Personal Firewall 2.0 or ATGuard, maybe also others, allow
DNS resolving by default. That allows reversed trojans to
connect to a server on port 53 and send/receive commands
and informations without the user knowing it. The firewall
permits any communication to any server on port 53 UDP. I
wrote a small trojan in VB and tested it with Tiny Personal
Firewall 2.0 and it worked.
Solution: Change the default rules for DNS to a fixed host,
for example to the DNS server of the ISP or the DNS server
in the local network.
cu
Chris (decoder)
- Previous message: bugzilla@redhat.com: "[RHSA-2002:081-06] perl-Digest-MD5 UTF8 bug results in incorrect MD5 sums"
- Next in thread: Frank Knobbe: "Re: Flaw caused by default rulesets in many desktop firewalls under windows"
- Reply: Frank Knobbe: "Re: Flaw caused by default rulesets in many desktop firewalls under windows"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
