Bugtraq mailing list archives

Easy DoS on Kaspersky Anti-Hacker v1.0
From: Bojan Zdrnja <Bojan.Zdrnja () LSS hr>
Date: Thu, 20 Mar 2003 08:29:08 +1200

Product: Kaspersky Anti-Hacker
Version: 1.0
Website: http://www.kaspersky.com/buyonline.html?info=967571

1. Introduction

Kaspersky Anti-Hacker is a Kaspersky Lab personal firewall product. Like other
products in this category, Kaspersky Anti-Hacker allows creation of packet
and application filtering rules.

Among other things, Kaspersky Anti-Hacker includes a very simple Intrusion
Detection System. This IDS module is automatically activated upon installation
of the product. The IDS is capable of detecting only 7 attacks, including
port scanning and SYN/UDP flooding. Together with the IDS, the firewall can
also actively block detected attacks. This option (which is turned on by
default) makes DoS attacks on remote users running Kaspersky Anti-Hacker
very easy.

2. Exploit

If active blocking is turned on, upon detection of a known attack Kaspersky
Anti-Hacker will block *ALL* traffic to the source IP address detected in the
attack. By sending spoofed packets to a remote machine running Kaspersky
Anti-Hacker, an attacker can easily deny legitimate traffic to any IP address.

Example with hping2:

# hping -S -i u1 -s +1025 -p +21 <victims_IP_address> -w 3072 -a \

Kaspersky Anti-Hacker will report this attack as a SYN flood and will
automatically block all traffic to spoofed_IP_address.

The same thing can be accomplished with nmap's decoy option:

# nmap -sS -P0 -D<spoofed_IP_address> <victims_IP_address>

This time Kaspersky Anti-Hacker will detect a port scanning attack and
automatically block all traffic to spoofed_IP_address.

3. Solution

Disable the Assaulter blocking time option. Kaspersky Anti-Hacker will still
report possible attacks, and the user can stop them manually.

4. Vendor

Vendor notified, no response received.

Best regards,

Bojan Zdrnja
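
The design flaw described in the advisory, shown from the defender's side as an
added example (not part of the original post and not Kaspersky's code): a
block-on-detection policy beside one that refuses to act on an unverified
source address. The event fields, the protected list and the addresses are
constructed assumptions; "handshake_completed" stands for evidence that the
source finished a TCP three-way handshake.

```python
import ipaddress

# Constructed detector events (documentation addresses, not captured traffic).
# "handshake_completed" is an assumed field: True only when the source finished
# a TCP three-way handshake, which a sender forging its address blindly cannot do.
EVENTS = [
    {"src": "192.0.2.53", "attack": "syn_flood", "handshake_completed": False},
    {"src": "198.51.100.7", "attack": "port_scan", "handshake_completed": False},
    {"src": "203.0.113.9", "attack": "port_scan", "handshake_completed": True},
]

# Peers the host must never lose, e.g. its DNS resolver (assumed values).
PROTECTED = [ipaddress.ip_network("192.0.2.53/32")]


def naive_policy(event):
    """Behaviour the advisory describes: any detection blocks the source."""
    return "block_all"


def hardened_policy(event, protected=PROTECTED):
    """Alert instead of blocking whenever the source address is unverified."""
    src = ipaddress.ip_address(event["src"])
    if any(src in net for net in protected):
        return "alert_only"        # critical peer: never auto-block
    if not event.get("handshake_completed", False):
        return "alert_only"        # address may be forged: do not trust it
    return "block_temporarily"     # verified source: short, expiring block


def decide(events, policy):
    """Map each reported source address to the action the policy takes."""
    return {e["src"]: policy(e) for e in events}


if __name__ == "__main__":
    for name, policy in (("naive", naive_policy), ("hardened", hardened_policy)):
        print(name, decide(EVENTS, policy))
```

SYN and UDP floods never carry a completed handshake, so under the hardened
policy they only raise an alert, which matches the manual handling the
Solution section recommends.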
