In-Reply-To: <20020510184415.6881.qmail@mail.securityfocus.com> Only as an addition: Tiny personal firewall for example allows ANY communication on port 53 UDP outbound, it does not even check if that is really a DNS request. This is a big security hole that should be fixed immediatly. Note: I also saw that some default settings of ZoneAlarm have DNS requests enabled or they enable them while using ZA. I have not tested my trojan with ZA yet, so I dont know if ZA checks if those requests are valid DNS requests, but there is a possibility that the hole also affects this firewall. If anyone finds out if other firewalls are vulnerable, I would be happy to hear about that. To test that, simply write a program that connects to another computer in your network on UDP 53 where you listen with netcat for example and send a string. If the firewall doesnt alert this connection, then it is vulnerable. cu Chris (decoder)
