Firewall Wizards mailing list archives
Paper: Unverified Fields - A Problem with Firewalls & Firewall Technology Today
From: "Ofir Arkin" <ofir () itcon-ltd com>
Date: Sun, 15 Oct 2000 01:44:50 +0200
The following problem (as discussed in this paper) has not yet been identified. Certain firewalls today, will not authenticate the validity of certain protocol fields, within the packet they are processing. The risk is exposure of information. What kind of information can be exposed? Mainly it will be unique patterns of behavior produced by the probed machines answering our crafted queries (or other kind of network traffic initiated in order to elicit a reply). Those patterns will help a malicious computer attacker to identify the operating systems in use. In my research paper “ICMP Usage In Scanning ” I have introduced new operating system fingerprinting methods based on changing values inside certain fields of the ICMP datagram. Using some of these methods I will demonstrate the risk. The paper is available from: http://www.sys-security.com/archive/papers/Unverified_Fields_1.0.pdf http://www.sys-security.com/archive/papers/Unverified_Fields_1.0.ps Cheers Ofir Arkin [ofir () itcon-ltd com] Senior Security Analyst Chief of Grey Hats ITcon, Israel. http://www.itcon-ltd.com Personal Web page: http://www.sys-security.com "Opinions expressed do not necessarily represent the views of my employer." _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr net http://www.nfr.net/mailman/listinfo/firewall-wizards
Current thread:
- Paper: Unverified Fields - A Problem with Firewalls & Firewall Technology Today Ofir Arkin (Oct 15)
- Re: Paper: Unverified Fields - A Problem with Firewalls & Firewall Technology Today Mikael Olsson (Oct 16)