Full Disclosure mailing list archives

Empirical data surrounding guards and firewalls.

From: evol () ruiner halo nu
Date: Thu, 2 Sep 2004 14:45:56 -0500 (CDT)

All,

Evol would like to share empirical data gained today.  Evol believes this
make internet community much happy, and make the Mr. Peter not regulate.
So what happened?  Evol explains:

Target:
------
        -Firewall
        -McDonald's guard

Materials:
---------
        -(1) Evol
        -(1) Shoes
        -(1) Shirt
        -(1) Computer
        -(1) Internet connection
        -(1) Firewalled host

Procedure:
---------
For each target, undergo the following steps:

        1.) Enumerate an acceptable entrance policy.
        2.) Attempt to enter while following entrance policy.

Data:
-----
        Firewall:
        --------
                The firewall at internet host www.mcdonalds.com accepts
                connections to TCP/IP port 80.  Rules are similar to 'DENY
                ALL EXCEPT TCP PORT 80'  So make connection to port 80 and
                note results.
        Results:
        -------
                Normal transaction was accepted.  See results:

                HTTP/1.1 400 Bad request
                Server: Netscape-Enterprise/4.1
                Date: Thu, 02 Sep 2004 XX:XX:XX GMT
                Content-length: 147
                Content-type: text/html
                Connection: close

        Store:
        -----
                The store at the location closest to me was chosen as a
                specific target.  The entrance policy is:
                'IF (NOT SHOES) OR (NOT SHIRT) DENY'
                So, evol enters store with only shoes and a shirt.

        Data:
        ----
                Evol was rejected conduction of normal buisness.  No
                Big Mac today, get out!  Then, when Evol tries to
                proceed anyway, cops take Evol out of McDonalds.

        Conclusion:
        ----------
                People and firewalls are different.

Thanks Internet Community, hope much hapiness for you.

-Evol

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Empirical data surrounding guards and firewalls. evol (Sep 02)
- Re: Empirical data surrounding guards and firewalls. Peter Besenbruch (Sep 02)
- Re: Empirical data surrounding guards and firewalls. James Tucker (Sep 02)
  - Re: Empirical data surrounding guards and firewalls. evol (Sep 02)
    - Re: Empirical data surrounding guards and firewalls. James Tucker (Sep 02)
    - Re: Empirical data surrounding guards and firewalls. Byron L. Sonne (Sep 07)
    - Message not available
    - Re: Empirical data surrounding guards and firewalls. Byron L. Sonne (Sep 08)
    - Re: Empirical data surrounding guards and firewalls. Michael Simpson (Sep 09)
    - Re: Empirical data surrounding guards and firewalls. Andrew Farmer (Sep 09)
    - Re: Empirical data surrounding guards and firewalls. gadgeteer (Sep 09)
    - Re: Re: Empirical data surrounding guards and firewalls. Vincent Archer (Sep 10)

(Thread continues...)