Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: How to easily bypass a firewall...

From: "CHeeKY" <cheekypeople () sec33 com>
Date: Tue, 29 Jul 2003 20:21:36 +0100
know if the scene since hacks began Paul, if you insist on a layer 7
firewall then thats your failing, for home users minimal should be NAT
router with a layer 7 firewall, other build ya own ipcop or openbsd on a 386
or higher, that way you can bring in ids and have layers, or at least become
a checkpoint man as I am and have that at home on ipso hehehe, seriously at
the end of the day, the patches and your own common sense relating to opsys
hardening and understanding your system and what you put on it, should do
you the best.
All it comes down to is being bothered and having common sense, putting
anything on the net now, should be protected to hell, that is a absolute
must, not something you do later, most hacks from the scene or becuase
people either dont have the common sense or cant be bother, then they their
own worst enemy.




-------------------------------------------------------------------------
FIGHT BACK AGAINST SPAM!
Download Spam Inspector, the Award Winning Anti-Spam Filter
http://mail.giantcompany.com


----- Original Message ----- 
From: "Schmehl, Paul L" <pauls () utdallas edu>
To: <full-disclosure () lists netsys com>
Sent: Tuesday, July 29, 2003 6:38 PM
Subject: RE: [Full-disclosure] How to easily bypass a firewall...



-----Original Message-----
From: compguruman () mail comcast net
[mailto:compguruman () mail comcast net]
Sent: Tuesday, July 29, 2003 11:02 AM
To: full-disclosure () lists netsys com
Subject: RE: [Full-disclosure] How to easily bypass a firewall...

At 03:49 PM 7/28/2003 -0500, you wrote:

5. Firewall dialog box uses random numbers / letters represented by
graphics that the user has to enter in a password field if

the password

is not correct sound alarm, halt system.


know of anything that does this?


Would it matter?  The scenario that was proposed is that there's a
trojan on the box, and it can attempt certain methods of
programmatically disabling the firewall.  If there's a trojan on the
box, what does it matter?  *Anything* on the box can be disabled at that
point.

If I break in to a Linux box, for example, all I have to do, once I have
root, is type:
% /etc/rc.d/init.d/ipchains stop

If it's a Windows box, I just kill the service:
C:\ sc stop {firewall servicename}

Or install the pstools to do it.

The point is, once the box is owned, nothing else matters.

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html





_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: