Results 1 to 10 of 10
  1. #1
    Join Date
    Sep 2009
    Posts
    46

    Exclamation Firewall rulesets can be bypassed. HELP

    I'm getting this from Control Scan.

    Firewall rulesets can be bypassed. Risk:
    Critical UDP Port:
    -1
    It is possible to bypass the rules of the remote firewall by sending
    UDP packets with a source port equal to 53.

    An attacker may use this flaw to inject UDP packets to the remote
    hosts, in spite of the presence of a firewall.

    Solution:
    Either contact the vendor for an update or review the firewall rules settings.

    How can I fix this ?

  2. #2
    Join Date
    Nov 2003
    Location
    Kherson, Ukraine
    Posts
    267
    Show you firewall rules.
    What OS you using?
    Private remote administrator of Linux servers - www.petrov.ks.ua
    Quality hosting - Host-Web-Site.com

  3. #3
    Join Date
    Sep 2009
    Posts
    46
    I'm on CentOs 5

  4. #4
    Join Date
    Mar 2009
    Location
    /home/khunj
    Posts
    432
    It means you have a rule accepting incoming packets from port 53, thus an attackant could send any packets from port 53 (or even spoof them) to get through the firewall. Solution : remove that rule
    Look pretty much like a Kerio vulnerability.
    NinTechNet
    ★ NinjaFirewall : Web Application Firewall for PHP and WordPress.
    ★ NinjaMonitoring : Monitor your website for suspicious activities.

  5. #5
    Join Date
    Sep 2009
    Posts
    46
    Ok, where do I remove that Rule Where should I look.
    I am using CENTOS 5.2 with cpanel

  6. #6
    Join Date
    Jul 2009
    Location
    Hamburg - Germany
    Posts
    161
    Quote Originally Posted by tegralens View Post
    Ok, where do I remove that Rule Where should I look.
    I am using CENTOS 5.2 with cpanel
    Do you have CSF-Firewall on your server?


    *** You have to update your CentOS to 5.4 to have better server

  7. #7
    Join Date
    Sep 2009
    Posts
    46
    Don't know if I have a CSF-Firewall ? How can I check ? I use WHM and cpanel and I have root Access. Now upgrading I think would brake stuff so I think that is out because I know nothing about linux and would not know where to begin to fix something if it brakes

  8. #8
    Join Date
    Jul 2009
    Location
    Hamburg - Germany
    Posts
    161
    Quote Originally Posted by tegralens View Post
    Don't know if I have a CSF-Firewall ? How can I check ? I use WHM and cpanel and I have root Access. Now upgrading I think would brake stuff so I think that is out because I know nothing about linux and would not know where to begin to fix something if it brakes
    Try this commend to know if you are using CSF.

    PHP Code:
    # service csf status 
    I have searched the Internet, but nothing found, This is a bugs in firewall, somebody has used this port and you have get this error.

  9. #9
    Join Date
    Mar 2009
    Location
    /home/khunj
    Posts
    432
    Output your firewall rules :

    # iptables -L -nvx
    NinTechNet
    ★ NinjaFirewall : Web Application Firewall for PHP and WordPress.
    ★ NinjaMonitoring : Monitor your website for suspicious activities.

  10. #10
    Join Date
    Sep 2009
    Posts
    46
    I dont know what is going on now because now control scan does not have it there anymore. And I have not done anything. The Scan show as passed. If it was a false positive how am I going to now that ?

Similar Threads

  1. When Biometric Security is... Bypassed
    By Mike - Limestone in forum Web Hosting Lounge
    Replies: 14
    Last Post: 07-28-2009, 11:36 PM
  2. Do you recommend a software firewall when behind a hardware firewall?
    By AquariusStorage in forum Hosting Security and Technology
    Replies: 3
    Last Post: 12-17-2008, 03:53 PM
  3. url forwarding: index.htm bypassed?
    By jjwaters in forum Domain Names
    Replies: 0
    Last Post: 03-19-2007, 09:30 PM
  4. Question w/ IPFW - rulesets...
    By robgct in forum Hosting Security and Technology
    Replies: 2
    Last Post: 10-17-2004, 05:04 PM
  5. APF firewall. Daily automated email showing firewall status
    By Charles Sweeney in forum Hosting Security and Technology Tutorials
    Replies: 0
    Last Post: 06-24-2004, 04:18 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •