Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Question: FTP via alternate port

from [Max Ashton] Network Security [Permanent Link]
Subject: Re: Question: FTP via alternate port
Date: Fri, 27 Jan 2006 08:55:40 +0000 

Hi Niels.

It's a valid concern on some firewalls. 

Many firewalls don't do any application level checks, they just check the 
port. If you're not using something like a Netscreen, or a Checkpoint 
firewall, or another firewall that does application level filtering, your 
hacker will be able to gain access through any port that is open.

I'm sure someone will be able to tell you more firewalls which can do 
application level filtering, or correct me if i'm wrong.

;)

Max Ashton


On Thursday 26 January 2006 20:27, Niels Taylor wrote:

Hello list, I hope this question is not too "newbie," and I am sure if it
is I will find out quickly.  I am interested in ways an attacker could
circumvent outbound FTP restrictions on a FW.  I have researched this a bit
but the information I am seeing is ambiguous, so I thought I'd take it
straight to the experts.

If a remote attacker gains command line access to a server (I am concerned
about a Microsoft 2000 SQL server specifically) that is behind a firewall,
and outbound FTP had been disabled at the FW, could the attacker use the MS
FTP "Open" command to specify a different, unrestricted outbound port (e.g
80 or 443) to transfer files, (assuming of course that his FTP server is
configured to listen on this port).  Is this a viable scenario, and if not,
could he send files via another method?  This question assumes no outbound
application layer inspection at the FW, so that it isn't able to see FTP
traffic on port 23, or 80, for instance.

Thank you for your help.

Niels Taylor



---------------------------------------------------------------------------
--- Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers
are futile against web application hacking. Check your website for
vulnerabilities to SQL injection, Cross site scripting and other web
attacks before hackers do! Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
---------------------------------------------------------------------------
----

Attachment: pgpw6OPoWzWOL.pgp
Description: PGP signature

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Active Directory user enumeration, Louis Lerman
Next by Date:  Re: Question: FTP via alternate port, Jason Baeder
Previous by Thread:  Question: FTP via alternate port, Niels Taylor
Next by Thread:  Re: Question: FTP via alternate port, Jason Baeder
Indexes:  [Date] [Thread] [Top] [All Lists]