Firewall Wizards mailing list archives

Re: Phrack #60: "Java tears down the Firewall"


From: Mikael Olsson <mikael.olsson () clavister com>
Date: Fri, 03 Jan 2003 22:13:13 +0100


I'm getting questions about this off-list, so...

Mikael Olsson wrote:

http://www.phrack.org/show.php?p=60&a=3
Item 5: "Java tears down the Firewall", about two thirds down the page.

The attack:

- HTTP is only a means to deliver a Java applet to the client browser.
- The Java applet acts as an FTP client, running in active mode
  (data connection goes FROM the server TO the client)
- The "data channel" set up by the applet points to a port on the 
  client where something vulnerable is running
- The firewall automagically pokes a hole for this "data channel"
- The server box is suddenly allowed to connect to this 
  vulnerable port, through the firewall.

Some firewalls disallow connections to ports below 1024, but, 
unfortunately, there's plenty of yummy stuff above 1024, too.


-- 
Mikael Olsson, Clavister AB
Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
Phone: +46 (0)660 29 92 00   Mobile: +46 (0)70 26 222 05
Fax: +46 (0)660 122 50       WWW: http://www.clavister.com
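
The post's point that a below-1024 rule is not enough, seen from the firewall side. This is an added example, not part of the original post or of any product's code: a PORT-command check for an FTP helper. The function names and the PROTECTED_PORTS values are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: ports above 1024 that the administrator knows carry services
# on internal clients (constructed sample values, not from the post).
PROTECTED_PORTS = frozenset({3306, 5432, 6000})

def parse_port_command(line):
    """Parse 'PORT h1,h2,h3,h4,p1,p2' (RFC 959) into (IPv4Address, port)."""
    verb, _, arg = line.strip().partition(" ")
    if verb.upper() != "PORT":
        raise ValueError("not a PORT command")
    fields = arg.split(",")
    if len(fields) != 6 or not all(
            f.isascii() and f.isdigit() and int(f) <= 255 for f in fields):
        raise ValueError("malformed PORT argument")
    nums = [int(f) for f in fields]
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]

def naive_policy(line):
    """The rule the post mentions: refuse only ports below 1024."""
    return parse_port_command(line)[1] >= 1024

def stricter_policy(line, client_ip, protected=PROTECTED_PORTS):
    """Return (allowed, reason) before any hole is opened for the data channel."""
    try:
        ip, port = parse_port_command(line)
    except ValueError as exc:
        return False, str(exc)
    if ip != ipaddress.IPv4Address(client_ip):
        return False, "address differs from control-connection client"
    if port < 1024:
        return False, "privileged port"
    if port in protected:
        return False, "port reserved for a local service"
    return True, "ok"

if __name__ == "__main__":
    client = "192.168.1.10"  # constructed control-connection source address
    for cmd in ("PORT 192,168,1,10,23,112",   # port 6000, in PROTECTED_PORTS
                "PORT 192,168,1,10,195,80",   # port 50000, ephemeral
                "PORT 192,168,1,10,0,139",    # port 139, below 1024
                "PORT 10,0,0,5,195,80"):      # address is not the client's
        print(cmd, naive_policy(cmd), stricter_policy(cmd, client))
```

A deny list only covers services the administrator knows about; it narrows the hole the helper opens but does not tell the firewall what is actually listening on the client.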