G
Guest
Guest
Archived from groups: comp.security.firewalls (More info?)
Subject: Flawed outbound packet filtering in various
personal firewalls
=====================================================
Issue: Outbound filtering in personal firewalls does
not block packets that are generated by protocol stacks
other than the default Microsoft stack.
at least two personal firewalls don't "see" the TCP packets
that this "non-standard" protocol adapter generates.
it was found that the "Lock" or "Block All" settings of
firewalls was also ineffective against TCP packets from
non-standard protocol adapters.
Known vulnerable firewalls: ZoneAlarm and ZoneAlarm Pro as
of their current revisions and Tiny Personal Firewall. All
versions prior to the current ones are also vulnerable.
Note: Other personal firewalls are be susceptible to this
same problem.
Also troubling is the fact that, in both cases, specially
crafted packets can be sent *to* a machine which an application
can sniff off the wire. These packets are ignored by the personal
firewalls and there is no warning to the end user. This makes
two-way communication possible with a machine, even when its
firewall is set to "Lock" or "Block All" network traffic.
(courtesy Tom Liston, BugTraq.)
Note: this is a substract
wilders.org security
Subject: Flawed outbound packet filtering in various
personal firewalls
=====================================================
Issue: Outbound filtering in personal firewalls does
not block packets that are generated by protocol stacks
other than the default Microsoft stack.
at least two personal firewalls don't "see" the TCP packets
that this "non-standard" protocol adapter generates.
it was found that the "Lock" or "Block All" settings of
firewalls was also ineffective against TCP packets from
non-standard protocol adapters.
Known vulnerable firewalls: ZoneAlarm and ZoneAlarm Pro as
of their current revisions and Tiny Personal Firewall. All
versions prior to the current ones are also vulnerable.
Note: Other personal firewalls are be susceptible to this
same problem.
Also troubling is the fact that, in both cases, specially
crafted packets can be sent *to* a machine which an application
can sniff off the wire. These packets are ignored by the personal
firewalls and there is no warning to the end user. This makes
two-way communication possible with a machine, even when its
firewall is set to "Lock" or "Block All" network traffic.
(courtesy Tom Liston, BugTraq.)
Note: this is a substract
wilders.org security