Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

RE: How to easily bypass a firewall...

From: "Schmehl, Paul L" <pauls () utdallas edu>
Date: Tue, 29 Jul 2003 12:38:45 -0500
-----Original Message-----
From: compguruman () mail comcast net 
[mailto:compguruman () mail comcast net] 
Sent: Tuesday, July 29, 2003 11:02 AM
To: full-disclosure () lists netsys com
Subject: RE: [Full-disclosure] How to easily bypass a firewall...

At 03:49 PM 7/28/2003 -0500, you wrote:

5. Firewall dialog box uses random numbers / letters represented by 
graphics that the user has to enter in a password field if 

the password 

is not correct sound alarm, halt system.


know of anything that does this?


Would it matter?  The scenario that was proposed is that there's a
trojan on the box, and it can attempt certain methods of
programmatically disabling the firewall.  If there's a trojan on the
box, what does it matter?  *Anything* on the box can be disabled at that
point.

If I break in to a Linux box, for example, all I have to do, once I have
root, is type:
% /etc/rc.d/init.d/ipchains stop

If it's a Windows box, I just kill the service:
C:\ sc stop {firewall servicename}

Or install the pstools to do it.

The point is, once the box is owned, nothing else matters.

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/ 
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: