"With hacker attacks, data theft and privacy violations rampant on the Internet you need a comprehensive solution to safeguard your PC. With Outpost Firewall Pro, you get award-winning firewall software that takes care of your online security needs."
By flooding Outpost Pro with a sustained rate of packets, it is possible to make the firewall consume more and more system resources, which eventually causes an access violation and crashes the firewall.
Credit:
The information has been provided by Armin Pelkmann.
Vulnerable Systems:
* Agnitum Outpost Pro firewall version 2.1
Outpost Pro maintains a list of all new incoming packets. When new packets arrive, it adds them to the list and keeps them until they are processed. A flood of packets that uses a lot of CPU time (small packets, for example) can make Outpost fall behind in handling them. Theoretically, this type of behavior can be seen in any firewall.
However, the problem lies in the fact that Outpost Pro keeps allocating more and more system resources in order to hold all received packets. There is essentially no limit to the amount of resources it will consume. Therefore, flooding the firewall with small TCP packets with the URG, PSH, SYN and FIN flags set and random source IPs, at a rate larger than 90Kb/sec, will cause the firewall to stop processing packets in real time, since it can't keep up with the incoming rate.
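The root cause described above is a pending-packet list with no upper bound. The following C example is added here for illustration and is not Agnitum's code or part of the original advisory: it holds pending packets in a fixed-size ring and drops new arrivals when the ring is full, so overload shows up as a drop counter instead of growing memory. `QUEUE_CAP`, the struct and function names, and the simulated load are assumptions made for the example.

```c
#include <stdio.h>
#include <stddef.h>

#define QUEUE_CAP 1024            /* assumed hard limit on pending packets */

struct pkt { unsigned id; };      /* stand-in for a captured packet */
struct pkt_queue {
    struct pkt slots[QUEUE_CAP];
    size_t head, count, peak;     /* oldest slot, depth, highest depth seen */
    unsigned long dropped;        /* packets refused because the queue was full */
};

/* Tail drop: memory stays fixed, overload shows up as a drop counter. */
static int pq_push(struct pkt_queue *q, struct pkt p) {
    if (q->count == QUEUE_CAP) { q->dropped++; return 0; }
    q->slots[(q->head + q->count) % QUEUE_CAP] = p;
    if (++q->count > q->peak) q->peak = q->count;
    return 1;
}

static int pq_pop(struct pkt_queue *q, struct pkt *out) {
    if (q->count == 0) return 0;
    *out = q->slots[q->head];
    q->head = (q->head + 1) % QUEUE_CAP;
    q->count--;
    return 1;
}

/* Constructed load: `arrive` packets per tick come in, `service` are processed. */
static struct pkt_queue run_load(unsigned ticks, unsigned arrive, unsigned service) {
    struct pkt_queue q = {0};
    struct pkt p;
    unsigned id = 0;
    for (unsigned t = 0; t < ticks; t++) {
        for (unsigned i = 0; i < arrive; i++) pq_push(&q, (struct pkt){ id++ });
        for (unsigned i = 0; i < service; i++) pq_pop(&q, &p);
    }
    return q;
}

int main(void) {
    /* Arrivals outpace processing 3:1, as in the flood scenario above. */
    struct pkt_queue q = run_load(10000, 3, 1);
    printf("peak=%zu pending=%zu dropped=%lu\n", q.peak, q.count, q.dropped);
    return 0;
}
```

The `dropped` and `peak` counters are the values to export for monitoring: a rising drop count under a fixed memory footprint is the expected behavior during a flood.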
Vendor Status:
The vendor was notified about two weeks ago and the fix is planned for the next version.
Workaround:
In order to avoid the DoS, the following temporary workaround is possible:
* Exit Outpost
* Edit the outpost.ini file located in the Outpost folder and set:
HideIcmpActivity=yes
HideIpActivity=yes
* Save it and start Outpost.