[cobalt-users] RaQ4: How to prevent by-passing firewall rules by sending UDP:53
- Subject: [cobalt-users] RaQ4: How to prevent by-passing firewall rules by sending UDP:53
- From: "Al-Juhani" <aljuhani@xxxxxxxxx>
- Date: Fri Jan 23 06:40:01 2004
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
Hello List.
I have a RaQ4 with IPchains installed but not tightly configured as I only
have certain ports blocked plus some ISPs that have been source of scans ..
Today I performed a Security Audit from a third-party company and in their
report they have indicated the following vulnerability.
----
Vulnerability found on port general/udp:
It is possible to by-pass the rules of the remote firewall
by sending UDP packets with a source port equal to 53.
An attacker may use this flaw to inject UDP packets to the remote
hosts, in spite of the presence of a firewall.
Solution : Review your firewall rules policy
Risk Factor : High
----
I am not sure as I tried before to apply some control on DNS running on the
Server but caused many problems ..
Any idea,
Thanks
Al-Juhani
aljuhani@xxxxxxxxx
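
A check for the rule pattern the audit report describes, as an added example that is not part of the original post: it scans ipchains append rules for ACCEPT rules that trust UDP source port 53 from any address. The sample rules, the resolver address 192.0.2.53 and the function names are constructed for illustration; numeric ports and the `-s address port` form are assumed.

```python
import shlex

ANY = {"0/0", "0.0.0.0/0", "0.0.0.0/0.0.0.0"}
FULL = (0, 65535)

# Constructed sample rules (not the poster's configuration).
SAMPLE_RULES = [
    "ipchains -A input -i eth0 -p udp -s 0/0 53 -d 0/0 -j ACCEPT",
    "ipchains -A input -i eth0 -p udp -s 192.0.2.53 53 -d 0/0 1024:65535 -j ACCEPT",
    "ipchains -A input -i eth0 -p udp -s 0/0 -d 0/0 53 -j ACCEPT",
    "ipchains -A input -i eth0 -p udp -s 0/0 -d 0/0 -j DENY",
]

def port_range(tok):
    """'53' -> (53, 53); '1024:' -> (1024, 65535); ':1023' -> (0, 1023)."""
    lo, sep, hi = tok.partition(":")
    low = int(lo) if lo else 0
    return low, (int(hi) if hi else (65535 if sep else low))

def parse_rule(line):
    """Parse one append rule; numeric ports only (assumption)."""
    t = shlex.split(line, comments=True)
    if "-A" not in t:
        return None
    r = {"chain": t[t.index("-A") + 1], "proto": "all", "target": None,
         "src": "0/0", "sport": FULL, "dst": "0/0", "dport": FULL}
    for i, tok in enumerate(t[:-1]):
        if tok == "-p":
            r["proto"] = t[i + 1].lower()
        elif tok == "-j":
            r["target"] = t[i + 1]
        elif tok in ("-s", "-d"):
            key = "src" if tok == "-s" else "dst"
            r[key] = t[i + 1]
            # A port or port range may follow the address.
            if i + 2 < len(t) and not t[i + 2].startswith("-"):
                r[key[0] + "port"] = port_range(t[i + 2])
    return r

def source_port_53_bypass(lines):
    """Return (line_no, exposed_dest_ports) for input ACCEPT rules that
    trust UDP source port 53 from any address."""
    hits = []
    for n, line in enumerate(lines, 1):
        r = parse_rule(line)
        if not r or r["chain"] != "input" or r["target"] != "ACCEPT":
            continue
        lo, hi = r["sport"]
        if (r["proto"] == "udp" and r["src"] in ANY
                and r["sport"] != FULL and lo <= 53 <= hi):
            hits.append((n, r["dport"]))
    return hits
```

Only the first sample rule is reported: the second limits replies to a named resolver and to unprivileged destination ports, and the third matches on destination port 53 (queries to the server's own DNS service) rather than on the source port.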