Linode Forum
Linode Community Forums 		 FAQFAQ    SearchSearch    MembersMembers      Register Register 
 LoginLogin [ Anonymous ] 
Post new topic  Reply to topic

Board index » Linux Community Forums » Linux Networking
  Print view Previous topic | Next topic 
Author Message
vitrum
PostPosted: Mon Aug 23, 2004 11:16 pm 
Offline
Senior Newbie

Joined: Mon Dec 08, 2003 1:46 pm
Posts: 19
ICQ: 148043
WLM: vitre0us@yahoo.com
Yahoo Messenger: vitre0us
AOL: vitre0us
Location: Socal
http://cgi.nessus.org/plugins/dump.php3?id=11580

Anyone have any suggestions for IPTables rules that can be used to avoid this type of firewall vulnerability? Also anyone know of a simple method of testing it?

I can see methods of protecting yourself if you are not running an authoritative DNS server... however if you are... it seems a bit more tricky.
Top
   
Reply with quote  
jeffml
PostPosted: Tue Aug 24, 2004 1:37 am 
Offline
Junior Member

Joined: Tue Feb 03, 2004 2:37 pm
Posts: 26
vitrum wrote:
http://cgi.nessus.org/plugins/dump.php3?id=11580

Anyone have any suggestions for IPTables rules that can be used to avoid this type of firewall vulnerability? Also anyone know of a simple method of testing it?

I can see methods of protecting yourself if you are not running an authoritative DNS server... however if you are... it seems a bit more tricky.

This seems to be a vulnerabilty in Kerio Personal Firewall as per the referenced BugTraq ID. As long as you don't open a hole for everything with udp src port 53 you should be fine.
Top
   
Reply with quote  
vitrum
 Post subject:
PostPosted: Tue Aug 24, 2004 1:40 am 
Offline
Senior Newbie

Joined: Mon Dec 08, 2003 1:46 pm
Posts: 19
ICQ: 148043
WLM: vitre0us@yahoo.com
Yahoo Messenger: vitre0us
AOL: vitre0us
Location: Socal
Well if your running a DNS server you have to have UDP 53 open... :(

And I don't know is this a vuln that only affects Kerio? I read that too, but I also read a few places that lead me to believe this affects IPTables as well...
Top
   
Reply with quote  
vitrum
 Post subject:
PostPosted: Tue Aug 24, 2004 1:50 am 
Offline
Senior Newbie

Joined: Mon Dec 08, 2003 1:46 pm
Posts: 19
ICQ: 148043
WLM: vitre0us@yahoo.com
Yahoo Messenger: vitre0us
AOL: vitre0us
Location: Socal
I read a recommendation for the following rules... however I'm not sure how to sucessfully test it for certain...

Code:
/sbin/iptables -A INPUT -p udp --dport 53 -j ACCEPT
/sbin/iptables -A INPUT -p udp -m state --state ESTABLISHED --sport 53 -j ACCEPT
/sbin/iptables -A INPUT -p udp --sport 53 -j DROP
Top
   
Reply with quote  
jricher
 Post subject: Testing
PostPosted: Thu Dec 16, 2004 8:29 pm 
Offline
Senior Newbie

Joined: Wed Dec 15, 2004 11:24 pm
Posts: 5
You can test for this from any other box using a tools like nmap. You can get this at insecure.org.

Jacques
Top
   
Reply with quote  
Display posts from previous:  Sort by  
Post new topic  Reply to topic

Board index » Linux Community Forums » Linux Networking


Who is online

Users browsing this forum: No registered users and 3 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  
RSS

Powered by phpBB® Forum Software © phpBB Group