Security Basics mailing list archives

Re: how to break a personal firewall


From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Fri, 23 Dec 2005 02:59:53 +0100

On 2005-12-21 James Grant wrote:
> On 2005-12-20 Ansgar -59cobalt- Wiechers wrote:
>> On 2005-12-19 mahendra_yn () yahoo com wrote:
>>> Can anybody help with the information as to how we can break or
>>> bypass or cheat the personal desktop firewall and establish a remote
>>> session with that pc.
>> [...]
>> You may get some pointers from here:
>>
>> http://copton.net/vortraege/pfw/en.html
>
> The article you point to is over a year old and doesn't apply to
> current releases - of ZoneAlarm at least.

While it's true that the speech was held a year ago, your assumption that
it wouldn't apply to current personal firewalls is wrong.

In general we were exploiting a design flaw in Windows, not a bug or
flaw in any specific personal firewall. Since the messaging system
Windows uses for IPC between windows has not yet been re-designed, the
things said back then still apply.

As for Zone Alarm in particular: the free version is still susceptible
to our attack. The pro version does intercept it, but since I doubt that
they have patched the Windows messaging system, my guess (from a quick
glance, maybe I'll take a closer look after the holidays) is that they
hook into the message queues to intercept such attacks. That attempt is
futile, though, since I simply need to place my hook before any other
hook to circumvent it. Besides, the additional PopUps make the program
completely unusable for normal users, because they won't understand the
question (what do users know about "windows messages"?). Even more since
the PopUps won't give the full path of the executable but just the
filename.

Regards
Ansgar Wiechers
-- 
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq
