Re: Kerio 2.1.5 Vulnerability

From: Alan Illeman (illemann_at_surfbest.net)
Date: 05/30/04


Date: Sun, 30 May 2004 11:30:19 -0400


"BoB" <me@privacy.net> wrote in message
news:eaojb0lm42gkc2cms6j5ci7c13jr18eah1@4ax.com...
> On Sat, 29 May 2004 10:19:57 -0400, "Alan Illeman"
> <illemann@surfbest.net> wrote:
>
> >
> >"Kerodo" <kerodonospamkenny@hotmail.com> wrote in message
> >news:MPG.1b213e3d6d45640e98968a@news.west.cox.net...
> >> I'm posting this message because I believe I have found a vulnerability
> >> in Kerio 2.1.5 and that I should share this with other Kerio users who I
> >> believe are vulnerable to this exploit, even though I can't explain it
> >> all very well. I'll do my best.. What it boils down to is that a
> >> malicious person is able to get packets to any port past the firewall if
> >> they wish.
> >>
> >> Some time ago, I turned on logging of ICMP in Kerio and noticed that
> >> there was ICMP Type 3 outbound to various IP addresses, other than my
> >> DNS servers. I wasn't worried about Type 3 to my DNS servers since this
> >> appeared to be fairly safe and common, but the other destinations
> >> bothered me. Why would my machine be sending Type 3 to seemingly random
> >> IPs?
> >
> >I allow [8] IN and [0] OUT (else my ISP folds my dialup connection) and
> >all other types are blocked IN and OUT, and logged - but no log entries
> >of any of the blocked types.
>
> How odd. Mine is set just the opposite, [0] IN and [8] OUT, with a
> few others, and my ISP never drops my connection.
>
> Different strokes for different ISPs. :-)
>
> BoB
>

Thanks Bob, mine IS: [0] IN and [8] out.


