Re: Kerio 2.1.5 Vulnerability
From: Alan Illeman (illemann_at_surfbest.net)
Date: 05/29/04
- Next message: gmoney1616: "Web server placement in DMZ"
- Previous message: Mike: "Re: ZoneAlarm - Latest Release - Lots of Problems"
- In reply to: Kerodo: "Kerio 2.1.5 Vulnerability"
- Next in thread: BoB: "Re: Kerio 2.1.5 Vulnerability"
- Reply: BoB: "Re: Kerio 2.1.5 Vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 29 May 2004 10:19:57 -0400
"Kerodo" <kerodonospamkenny@hotmail.com> wrote in message
news:MPG.1b213e3d6d45640e98968a@news.west.cox.net...
> I'm posting this message because I believe I have found a vulnerability
> in Kerio 2.1.5 and that I should share this with other Kerio users who I
> believe are vulnerable to this exploit, even though I can't explain it
> all very well. I'll do my best.. What it boils down to is that a
> malicious person is able to get packets to any port past the firewall if
> they wish.
>
> Some time ago, I turned on logging of ICMP in Kerio and noticed that
> there was ICMP Type 3 outbound to various IP addresses, other than my
> DNS servers. I wasn't worried about Type 3 to my DNS servers since this
> appeared to be fairly safe and common, but the other destinations
> bothered me. Why would my machine be sending Type 3 to seemingly random
> IPs?
I allow [8] IN and [0] OUT (else my ISP folds my dialup connection) and
all other types are blocked IN and OUT, and logged - but no log entries
of any of the blocked types.