[26815] in bugtraq
Re: Kerio Personal Firewall DOS Vulnerability
daemon@ATHENA.MIT.EDU (Jason Giglio)
Mon Aug 26 12:15:21 2002
Date: Mon, 26 Aug 2002 11:24:12 -0400
From: Jason Giglio <jgiglio@netmar.com>
To: "Abraham Lincoln" <sunninja@scientist.com>
Message-Id: <20020826112412.1b4efeeb.jgiglio@netmar.com>
In-Reply-To: <20020826135922.76617.qmail@mail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
I don't know if this is related, but I know WinRoute 2.x had hard coded built in connection throttling, even doing an nmap SYN scan from INSIDE the firewall would DoS yourself. I don't know how much of the codebase is shared between the two products, but I'd expect they mostly are the same. This has been an issue for a long time if this is indeed the same thing.
On Mon, 26 Aug 2002 21:59:22 +0800
"Abraham Lincoln" <sunninja@scientist.com> wrote:
>
> Test bed:
> [*Nix b0x with Synflooder] <===[10/100mbps switch===> [Host with KPF]
>
> 1] DoS vulnerability with Kerio Personal Firewall 2.x.x Default Installation
> - KPF is vulnerable with Synflood attack by sending minimum of 300 syn packets the target host will stop from responding, 100% of the CPU utilization will be consumed and eventually hangs-up the machine.
>
> 2] Setting the Personal firewall to High Security and Block all services and Protocols.
> - It is quite similar to the first one but the personal firewall is configured to block all services and protocols. After sending a minimum of 500 syn packets from port 1-1024. The host will stop from responding, 100% of the CPU utilization will be consumed.
