madfish
05-09-2001, 07:48 PM
I was following links from here and came across this item. I think I did the c/p thing right for the link to it: http://neworder.box.sk/showme.php3?id=1804
ZoneAlarm Firewall can be easily scanned for open ports
Apr, 24 2000 - 20:42
ZoneAlarm (http://www.zonelabs.com) is a very popular personal firewall for Microsoft Windows computers and easy to use for newbies because it is application based, meaning, you apply network permission to applications instead of ports.
This Firewall has been found to contain a serious security hole that would allow a remote attacker to TCP and UDP scan the entire host's port range without detection. This is done by specifying a special port number in the source port part of the TCP or UDP packet.
Vulnerable systems:
ZoneAlarm version 2.1.10
ZoneAlarm version 2.0.26
If one uses port 67 as the source port of a TCP or UDP scan, ZoneAlarm will let the packet through and will not notify the user. This means that one can TCP or UDP port scan a ZoneAlarm protected computer as if there were no firewall there IF one uses port 67 as the source port on the packets.
Exploit:
UDP Scan:
You can use NMap to port scan the host with the following command line:
nmap -g67 -P0 -p130-140 -sU 192.168.128.88
(Notice the -g67 which specifies source port).
TCP Scan:
You can use NMap to port scan the host with the following command line:
nmap -g67 -P0 -p130-140 -sS 192.168.128.88
(Notice the -g67 which specifies source port).
Provided by : Wally Whacker - mailto:whacker@HACKERWHACKER.COM
I was just told at grc's site that this was patched a while ago. Geee. I meant well. Sorry all.. madfish
[This message has been edited by madfish (edited 05-09-2001).]
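A detection sketch for the behaviour the quoted advisory describes, added here as an example and not part of the original post or advisory: it flags hosts that send packets with source port 67 to anything other than a UDP DHCP client on port 68. The record layout, the addresses, the threshold and the function names are assumptions made for illustration; the sample packets are constructed.

```python
from collections import defaultdict

DHCP_SERVER_PORT = 67  # source port the advisory says is let through unnoticed
DHCP_CLIENT_PORT = 68  # the only destination port a genuine DHCP reply uses

# Constructed sample records (assumed layout): (protocol, source IP, source port, destination port)
SAMPLE_PACKETS = [
    ("udp", "192.0.2.1", 67, 68),      # ordinary DHCP reply, should be ignored
    ("udp", "192.0.2.1", 67, 68),
    ("udp", "198.51.100.5", 67, 130),  # UDP probes sent from source port 67
    ("udp", "198.51.100.5", 67, 131),
    ("udp", "198.51.100.5", 67, 132),
    ("udp", "198.51.100.5", 67, 133),
    ("tcp", "198.51.100.9", 67, 135),  # TCP never carries DHCP, so always suspicious
    ("tcp", "198.51.100.9", 67, 137),
    ("tcp", "198.51.100.9", 67, 139),
    ("udp", "198.51.100.7", 67, 137),  # single odd packet, below the threshold
    ("udp", "192.0.2.53", 53, 1025),   # unrelated DNS answer
]


def is_suspicious(proto, sport, dport):
    """True when a packet claims source port 67 but cannot be a DHCP reply."""
    if sport != DHCP_SERVER_PORT:
        return False
    return not (proto == "udp" and dport == DHCP_CLIENT_PORT)


def find_sport67_scanners(packets, min_ports=3):
    """Map source IP -> sorted (proto, port) pairs probed from source port 67.

    A source is reported once it has touched at least min_ports distinct
    destination ports, which separates a scan from one stray packet.
    """
    probed = defaultdict(set)
    for proto, src, sport, dport in packets:
        if is_suspicious(proto, sport, dport):
            probed[src].add((proto, dport))
    return {src: sorted(hits) for src, hits in probed.items()
            if len(hits) >= min_ports}


if __name__ == "__main__":
    for src, hits in find_sport67_scanners(SAMPLE_PACKETS).items():
        print(src, hits)
```

The same condition works as a filter rule: accept source port 67 only for UDP traffic addressed to port 68, rather than for any packet that carries that source port.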