Hi Tarek,
Firewalls are like beginning Judo students showing off what they
learned. "Swing at me like this, no, slower. Wait, a little higher.
OK, here's how I can block you..." As long as traffic behaves according
to the proper rules, a firewall is effective. If you know what ports
are allowed to pass through, then you use them instead of the proper
port (a.k.a.; 'tunnel').
The next level of thinking is 'surface area'. The permitted ports
through a firewall become irrelevant as the number of desktop users
increase, and the number of potential entry points increase. Lots of
corporations allow connections to external services such as; IM, DNS,
SMTP, POP3, VNC, SSH, and other. Most organizations permit any traffic
out, and NAT/PAT specific traffic inbound. Desktop users commonly load
applets and other active components from untrusted sources in their
browsers which run with the permissions granted to the logon session.
Applets in your browser (or email messages or IM client) can reach all
local services (127.0.0.1:135 or \\server\ or telnet:nn). Since all
Windows applications are peers, an administrator running a browser at
lowered privileges remains exposed to shatter attacks. Most desktop
firewalls will help protect against silent outbound connections (not XP
SP2 though) and all will protect against incoming connections which
follow the port rules.
Anyway, not very technical, but maybe food for thought.
Bill Stout
www.greenborder.com
++Beta testers needed++
**Contact me for downloadable**
-----Original Message-----
From: Tarek Naja [mailto:sectraq@gmail.com]
Sent: Monday, March 14, 2005 6:05 PM
To: firewalls@securityfocus.com
Subject: Bypassing Firewalls
hello,
am considering bypassing firewalls as a topic for my MSc. project. If
any1 can provid me with some detailed papers/resouces about different
techniques for bypassing all differnet kinds FWs. the more technical the
better. Your help is appriciated.
Thank You!
------------------------------------------------------------------------
--
FREE Download - The Future in Desktop Firewalls is Available Now
NEW NetOp Desktop Firewall, the world's first driver-centric
firewall software - protecting your laptops and corporate PCs at
ring-zero! NetOp features sophisticated process & application
control, centralized management and multiple network user profiles -
NetOp is able to increase security when mobile users plug back
into your network. Step into a more secure future - Try it FREE
http://www.securityfocus.com/sponsor/CrossTec_firewalls_050315
------------------------------------------------------------------------
--
--------------------------------------------------------------------------
FREE Download - The Future in Desktop Firewalls is Available Now
NEW NetOp Desktop Firewall, the world's first driver-centric
firewall software - protecting your laptops and corporate PCs at
ring-zero! NetOp features sophisticated process & application
control, centralized management and multiple network user profiles -
NetOp is able to increase security when mobile users plug back
into your network. Step into a more secure future - Try it FREE
http://www.securityfocus.com/sponsor/CrossTec_firewalls_050315
--------------------------------------------------------------------------
