Possible Kerio Vulnerability Workaround

mhicaoidh

Taking a moment's reflection, Hassan I Sahba mused:
|
| People should know if their firewall is vulnerable in some
| situations..

As soon as the software ends its development cycle, the
security-conscious user should update their solution to something current.
That's common sense.
 
Hassan I Sahba

I saw that same article myself.. It should have worked, but it didn't. I
saw the usual outbound ICMP type 3 code 3 that I always see as a result of
an incoming fragmented UDP packet getting thru. Unless my outbound ICMP
type 3 is due to some other cause (which I seriously doubt)..

Nice try though.. :)

When I observed the fragmented packets coming in in other firewalls, I
noticed that packets came in pairs. I'd see two at the exact same instant.
Jetico firewall blocked them as fragments. Sygate shows one as a frag to
port 0 and then the other packet to port 1026. They're always to port 1026
here. I wonder if your registry hack just blocked the initial fragment and
let the other packet thru or something? I don't really understand or know
how it all works...

It looks like a quick scan to see if your IP is up, followed by
messenger spam. If you capture them with Ethereal you can see if it is
spam and read the message they are sending. Maybe they thought there
was a chance they might get past the odd firewall by fragmenting the
spam. I doubt you have messenger running or you might have seen the
pop-ups. If you had messenger running, blocked 1026 with Kerio, and
got spammed it might prove a point. :)

Kerodo

New companies always pay more attention and offer better deals to get you
to switch from a leader to their product. And since Kerio 2 is older, how
the heck can you make any comparison?

From all I've heard, Jetico has an excellent reputation and has other
highly regarded products as well. My experience with them has been
exemplary for 6 months now. And they haven't gotten a dime from me either
since it's a free product so far. Perhaps you're right, but what else can
you go by? There are two good firewalls out there. One offers excellent
support and an excellent product, and the other offers shitty support and a
good product. Which one would you pick?
 
