Penetration Testing mailing list archives

XML Port Scanning


From: "Colin Wong" <colin.wong () sift com au>
Date: Wed, 27 Sep 2006 15:42:39 +1000

SIFT has released a new Intelligence Report that provides a discussion on a
new network reconnaissance technique, using XML for completing remote port
scans that effectively bypass a perimeter firewall. The technique utilises
properties of XML parsers to perform the scanning of systems, and while the
technique relies on some reasonably specific implementation details in order
to be exploitable remotely, it is potentially applicable to any application
that accepts XML document inputs.

Several workarounds exist and have been detailed in this paper and the
technique does not offer the ability to perform advanced fingerprinting or
analysis of the underlying operating system of hosts. However, this
technique demonstrates the danger that inadequately configured XML parsers
can pose to an organisation and highlights the inability of traditional
network security devices to handle application-level threats.

The report is available for download from the SIFT website:
http://www.sift.com.au/36/172/xml-port-scanning-bypassing-restrictive-perimeter-firewalls.htm


Regards,

Colin Wong
www.sift.com.au
