Penetration Testing mailing list archives

Re: pushing exploits through the Firewall


From: "Amin Tora" <amintora () gmail com>
Date: Wed, 1 Mar 2006 11:27:44 -0500

On 2/12/06, Mike Gilligan <mikewgilligan () hotmail com> wrote:
Hi group
Say a pentester manages to discover a vulnerable version of BIND running on
an external DNS server and has successfully sourced an exploit for the vuln.
I'm curious how it would be possible to launch the exploit against the
server when a packet filtering device and stateful inspection Firewall sit
between the pentester and the vuln host. It would seem at first glance that
this is not a viable option. How else might one go about exploiting the
vuln?

Mike

Use "smuggling" attack tricks.  I haven't seen anything specific for
UDP-based smuggling for DNS - but there's a lot of documentation on
HTTP-based attacks (google Watchfire Smuggling) which you can glean
ideas from.

Look in the DNS RFCs for the rules, and try to use different
manipulations of the DNS protocol to bypass firewalls/IPS with
"intelligence" ...  SOMETIMES <grin> security devices "assume" ...  
;)

--
Amin Tora
http://www.int0x21.com
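The reply above turns on inspecting devices that "assume" instead of checking the DNS message against the RFC 1035 wire rules. As an added illustration from the defender's side (this is not code from either poster, and the sample messages are constructed inline), the following Python checker parses a DNS message strictly: it enforces label and name length limits, accepts only backward compression pointers and refuses pointer loops, verifies that the header counts match the records actually present, and reports trailing bytes after the last record. Any of these findings is a reason for a filtering device to drop the message rather than guess at its meaning. The function names `inspect`, `read_name`, `header` and `encode_name` are this example's own.

```python
"""Strict RFC 1035 DNS message checker (constructed example, not from the thread)."""
import struct

MAX_LABEL = 63   # RFC 1035 section 2.3.4
MAX_NAME = 255   # RFC 1035 section 2.3.4


class DnsParseError(ValueError):
    """Raised when the message violates a wire-format rule."""


def read_name(msg: bytes, offset: int) -> tuple:
    """Decode a domain name at offset; return (name, offset just past the name).

    Only backward compression pointers are accepted (RFC 1035 section 4.1.4),
    and every pointer position is remembered so a loop is rejected instead of
    spinning or being resolved differently from the resolver behind the firewall.
    """
    labels, total, visited, end, pos = [], 0, set(), None, offset
    while True:
        if pos >= len(msg):
            raise DnsParseError("name runs past end of message")
        length = msg[pos]
        if length & 0xC0 == 0xC0:                     # compression pointer
            if pos + 1 >= len(msg):
                raise DnsParseError("truncated compression pointer")
            target = ((length & 0x3F) << 8) | msg[pos + 1]
            if target >= pos or pos in visited:
                raise DnsParseError("forward or looping compression pointer")
            visited.add(pos)
            if end is None:
                end = pos + 2                         # name ends after first pointer
            pos = target
            continue
        if length & 0xC0:
            raise DnsParseError("reserved label type")
        if length == 0:                               # root label terminates the name
            if end is None:
                end = pos + 1
            break
        if length > MAX_LABEL:
            raise DnsParseError("label longer than 63 octets")
        total += length + 1
        if total > MAX_NAME:
            raise DnsParseError("name longer than 255 octets")
        label = msg[pos + 1:pos + 1 + length]
        if len(label) != length:
            raise DnsParseError("truncated label")
        labels.append(label.decode("latin-1"))
        pos += 1 + length
    return ".".join(labels) or ".", end


def inspect(msg: bytes) -> tuple:
    """Return (question names, list of findings). An empty findings list means
    the message is well-formed under the rules enforced here."""
    findings = []
    if len(msg) < 12:
        return [], ["header shorter than 12 bytes"]
    _ident, flags, qd, an, ns, ar = struct.unpack(">HHHHHH", msg[:12])
    if flags & 0x0070:
        findings.append("reserved Z bits set in flags")
    if not flags & 0x8000 and qd != 1:                # QR=0 means query
        findings.append(f"query with QDCOUNT={qd} (expected 1)")
    names, pos = [], 12
    try:
        for _ in range(qd):                           # question section
            name, pos = read_name(msg, pos)
            if pos + 4 > len(msg):
                raise DnsParseError("truncated question")
            names.append(name)
            pos += 4                                  # QTYPE + QCLASS
        for _ in range(an + ns + ar):                 # answer/authority/additional
            _name, pos = read_name(msg, pos)
            if pos + 10 > len(msg):
                raise DnsParseError("truncated resource record")
            (rdlength,) = struct.unpack(">H", msg[pos + 8:pos + 10])
            pos += 10 + rdlength
            if pos > len(msg):
                raise DnsParseError("RDATA runs past end of message")
    except DnsParseError as exc:
        findings.append(str(exc))
        return names, findings
    if pos != len(msg):
        findings.append(f"{len(msg) - pos} trailing bytes after last record")
    return names, findings


# --- helpers used only to build the constructed sample messages below ---
def header(ident, flags, qd, an, ns, ar) -> bytes:
    return struct.pack(">HHHHHH", ident, flags, qd, an, ns, ar)


def encode_name(name: str) -> bytes:
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"


QUESTION_A_IN = b"\x00\x01\x00\x01"                   # QTYPE=A, QCLASS=IN
GOOD = header(0x1234, 0x0100, 1, 0, 0, 0) + encode_name("example.com") + QUESTION_A_IN
LOOP = header(0x1234, 0x0100, 1, 0, 0, 0) + b"\x01a\xc0\x0c" + QUESTION_A_IN
TRAILING = GOOD + b"\x00\x00"
COUNT_MISMATCH = header(0x1234, 0x0100, 2, 0, 0, 0) + encode_name("example.com") + QUESTION_A_IN

if __name__ == "__main__":
    for label, sample in [("good", GOOD), ("loop", LOOP),
                          ("trailing", TRAILING), ("mismatch", COUNT_MISMATCH)]:
        print(label, inspect(sample))
```

The point of the loop and count checks is that a device which resolves pointers leniently, or trusts QDCOUNT without walking the section, can come to a different reading of the message than the BIND process it is protecting; rejecting anything ambiguous removes that gap.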

