Firewall Wizards mailing list archives
Hacker pierces hardware firewalls with web page.
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Fri, 8 Jan 2010 13:34:06 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1In reading this, I get the impression this is not a fault in the firewalls themselves, but more an issue with the configuration of firewalls having been 'tested' by this hacker. Am I wrong in reading this news in that fashion?::
January 6, The Register - (International) Hacker pierces hardware firewalls with web page. On January 5, a hacker demonstrated a way to identify a browser's geographical location by exploiting weaknesses in many WiFi routers. Now, the same hacker is back with a simple method to penetrate hardware firewalls using little more than some javascript embedded in a webpage. By luring victims to a malicious link, the attacker can access virtually any service on their machine, even when it's behind certain routers that automatically block it to the outside world. The method has been tested on a Belkin N1 Vision Wireless router, and the hacker says he suspects other devices are also vulnerable. "What this means is I can penetrate their firewall/router and connect to the port that I specified, even though the firewall should never forward that port," the hacker told the Register. "This defeats that security by visiting a simple web page. No authentication, XSS, user input, etc. is required." The hacker's proof-ofconcept page forces the visitor to submit a hidden form on port 6667, the standard port for internet relay chat. Using a hidden value, the form surreptitiously coerces the victim to establish a DCC, or direct client-to-client, connection. Vulnerable routers will then automatically forward DCC traffic to the victim's internal system, and using what's known as NAT traversal an attacker can access any port that's open on the local system. For the hack to work, the visitor must have an application such as file transfer protocol or session initiation protocol running on his machine. The hack does not guarantee an attacker will be able to compromise that service, but it does give the attacker the ability to probe it in the hope of finding a weak password or a vulnerability that will expose data or system resources. Source:
http://www.theregister.co.uk/2010/01/06/web_based_firewall_attack/ Thanks, Ron DuFresne- -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A E838 B2DF AFCC 94B0 6629
These things happened. They were glorious and they changed the world...,
and then we fucked up the endgame. --Charlie Wilson
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFLR3qist+vzJSwZikRAotcAJ9fHEWAOm2N5xFKww7/wA9O+YYdeACfZUEZ
uZciRDQsRu1kZZQUZctPwmY=
=KCsu
-----END PGP SIGNATURE-----
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Hacker pierces hardware firewalls with web page. R. DuFresne (Jan 08)
- Re: Hacker pierces hardware firewalls with web page. david (Jan 11)
- Re: Hacker pierces hardware firewalls with web page. Farrukh Haroon (Jan 12)
- Re: Hacker pierces hardware firewalls with web page. ArkanoiD (Jan 12)
- Re: Hacker pierces hardware firewalls with web page. david (Jan 12)
- Re: Hacker pierces hardware firewalls with web page. Farrukh Haroon (Jan 12)
- <Possible follow-ups>
- Re: Hacker pierces hardware firewalls with web page. Jeff Jarmoc (Jan 12)
- Re: Hacker pierces hardware firewalls with web page. david (Jan 11)