Network Security Security-Basics

Re: how to break a personal firewall

Subject: Re: how to break a personal firewall
Date: Fri, 23 Dec 2005 02:59:53 +0100
On 2005-12-21 James Grant wrote:
> On 2005-12-20 Ansgar -59cobalt- Wiechers wrote:
>> On 2005-12-19 mahendra_yn@yahoo.com wrote:
>>> Can anybody help with the information as to how we can break or
>>> bypass or cheat the personal desktop firewall and establish a remote
>>> session with that pc.
>> [...]
>> You may get some pointers from here:
>>
>> http://copton.net/vortraege/pfw/en.html
>
> The article you point to is over a year old and doesn't apply to
> current releases - of ZoneAlarm at least.

While it's true that the speech was held a year ago your assumption that
it wouldn't apply to current personal firewalls is wrong.

In general we were exploiting a design flaw in Windows, not a bug or
flaw in any specific personal firewall. Since the messaging system
Windows uses for IPC between windows has not yet been re-designed, the
things said back then still apply.

As for Zone Alarm in particular: the free version is still susceptible
to our attack. The pro version does intercept it, but since I doubt that
they have patched the Windows messaging system my guess (from a quick
glance, maybe I'll take a closer look after the holidays) is that they
hook into the message queues to intercept such attacks. That attempt is
futile, though, since I simply need to place my hook before any other
hook to circumvent it. Besides, the additional PopUps make the program
completely unusable for normal users, because they won't understand the
question (what do users know about "windows messages"?). Even more since
the PopUps won't give the full path of the executable but just the
filename.

Regards
Ansgar Wiechers
-- 
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq
