Re: Kerio Personal Firewall
From: flur <flur () flurnet org>
Date: Wed, 20 Nov 2002 04:05:36 -0500
This is more a technicality than a security problem but I foresee it causing
problems. Adding rules requires a password, but allowing and denying
individual connections does not. I don't understand the logic. I've tested
this on version 2.1.4.

KPF determines applications by path and filename; when applications are
changed it notices the MD5 checksum difference and reports it. Clicking yes
gives your application permission to transmit to any IP and any port,
because the admin probably created the rule using defaults. You can use the
client component of KPF to view all applications listening and connected,
src/dest IPs & ports etc.

In conclusion, I'd like to recommend Kerio either remove the password
protection altogether or fix the defaults to detect hosts, or at least port
to restrict the potential damage and require a password to execute binaries
with changed MD5s (ideally the admin should be able to override this check
for certain binaries). Also make it ask for a password when connections are
made where rules don't exist.

PS: Is this material worthy of bugtraq or a vendor report?

At 12:41 PM 11/18/2002 -0600, you wrote:
> I am trying to configure Kerio Personal Firewall and this
> allows me to specify explicitly which service is allowed inbound/outbound
> connection thru either TCP/UDP including the exact port numbers and IP
> My question is: Is there a software/utility that will tell me exactly which
> service/application is currently listening on exactly which TCP/UDP port
> "netstat -a" only lists the active listening ports but doesn't tell me which
> service/application is listening on that port for incoming packets.
> I would like to "lock down" the server as much as possible by specifying
> exactly which port and service a connection is allowed. Thanks in advance.

____________________ __ _
~FluRDoInG flur () flurnet org
KEY ID 0x8C2C37C4 (pgp.mit.edu) RSA-CAST 2048/2048
1876 B762 F909 91EB 0C02 C06B 83FF E6C5 8C2C 37C4
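
The behaviour described in the message above, as a simplified model added here (it is not Kerio's code and not part of the original post): a rule keyed by application path with a stored MD5, showing how far a "yes" click on a changed binary reaches under a default any-host/any-port rule versus a host- and port-scoped rule, and with the proposed password check. The `AppRule` fields, `decide()` and its parameters, and all sample paths, addresses and byte strings are assumptions constructed for illustration.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class AppRule:
    """Hypothetical per-application rule, keyed by path as the post describes."""
    md5: str                           # checksum recorded when the rule was made
    remote_ip: Optional[str] = None    # None = any host (the criticised default)
    remote_port: Optional[int] = None  # None = any port


def md5_of(binary: bytes) -> str:
    return hashlib.md5(binary).hexdigest()


def decide(rules: Dict[str, AppRule], path: str, binary: bytes,
           dst_ip: str, dst_port: int, clicked_yes: bool,
           need_password: bool = False, password_ok: bool = False) -> str:
    """Return 'allow', 'deny' or 'ask' for one outbound connection."""
    rule = rules.get(path)
    if rule is None:
        return "ask"                   # no rule yet: the per-connection dialog
    current = md5_of(binary)
    if current != rule.md5:            # the binary at this path was replaced
        if not clicked_yes:
            return "deny"
        if need_password and not password_ok:
            return "deny"              # the post's proposal: password on MD5 change
        rule.md5 = current             # approval re-binds the rule to the new file
    if rule.remote_ip not in (None, dst_ip):
        return "deny"
    if rule.remote_port not in (None, dst_port):
        return "deny"
    return "allow"


# Constructed sample data: two byte strings stand in for the original and the
# replaced executable; the path and addresses are placeholders.
ORIGINAL, REPLACED = b"original build", b"replaced build"
PATH = r"C:\apps\mail.exe"

def default_rule() -> Dict[str, AppRule]:
    return {PATH: AppRule(md5_of(ORIGINAL))}

def scoped_rule() -> Dict[str, AppRule]:
    return {PATH: AppRule(md5_of(ORIGINAL), "192.0.2.25", 25)}
```

With the default rule, approving the changed binary allows any destination; with the scoped rule the same approval only reaches the host and port the rule names.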