Dailydave mailing list archives
Re: We got owned by the Chinese and didn't even get a "lessons learned"
From: Dave Aitel <dave () immunityinc com>
Date: Wed, 24 May 2006 12:13:31 -0400
Steve Wilson wrote:
> </delurk> A large government organisation with no egress firewalling policy? No restrictive and monitored outbound proxies? What sort of a perimeter is that[1]?
It's most non-classified networks that allow http, https or dns access. You can tunnel effectively through any of them. You could even tunnel through SMTP if you were ballsy enough. Everyone's been doing this since 1992AD, and I assume that if anyone puts an anomaly detection application firewall in place on HTTP and HTTPS, there'll be some public research into covert channels. Maybe Joanna will release something to explain how egress filtering without an air gap is just amusing.
>> Protecting networks against worms is a valuable thing. But it's not security, and I think events like this are a wake-up call to what the technology you've deployed actually can do.
>
> OK, I'm a pedant - so I can't let that slip by. If protecting networks against worms (or even deliberate targeted attacks) isn't security, what is it? ;-p
I guess the whole point is that nothing you can deploy right now actually protects you from targeted attacks. They just handle worms. Worms are essentially a bandwidth problem. :>

-dave