Security Basics mailing list archives
Re: How to bypass firewalls
From: Andre Pawlowski <sqall () h4des org>
Date: Wed, 12 May 2010 15:16:04 +0200
This is easy to check. The SSL proxy must use his own certificate
(because the SSL proxy uses a MITM-Attack). The first thing I learned is
bypassing the firewall (from the inside) via port 443 and SSL. There are
only a few companies and universities which uses a SSl proxy.
Regards
Andre Pawlowski
-------------------------------------------------------------------
I must create a system or be enslaved by another mans;
I will not reason and compare: my business is to create.
-William Blake
On 05/10/2010 09:29 PM, David Gillett wrote:
An interesting suggestion, which fails if the firewall is an SSL proxy such as Blue Coat sells.... David Gillett -----Original Message----- From: John Morrison [mailto:john.morrison101 () googlemail com] Sent: Friday, May 07, 2010 02:09 To: Raja Cc: listbounce () securityfocus com; security-basics () securityfocus com Subject: Re: How to bypass firewalls Raja, Could you just set up an https connection and run the traffic through as though it is a VPN tunnel? The firewall won't be able to see the traffic (it is encrypted). On 6 May 2010 21:47, <danuxx () gmail com> wrote:Not an expert on this topic but I know a common way to do so by takingadvantage of protocols behaviour and stateful inspection design.So let's say that the firewall has stateful inspection for ftp and IRCprotocols, you can inject ftp PORT commands during ftp sessions to fool the firewall into thinking that it is an IRC transaction and since this protocol uses peer to peer connections the firewall will automatically open any port needed by the IRC server(attacker) to the chat client (victim).Although this flaw has been patched by Netfilter team, definitelyconstitutes a sexy way to bypass firewalls.Google "phrack breaking through a firewall". Sent via BlackBerry from Danux Network -----Original Message----- From: Raja <raja1.it.consultant () gmail com> Date: Thu, 06 May 2010 09:32:35 To: <security-basics () securityfocus com> Subject: How to bypass firewalls Hi, Can anybody let me know the available methods for bypassing firewall for all kinds of traffic? Thanks, Raja ---------------------------------------------------------------------- -- Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSLcertificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be4 42f727d1 ---------------------------------------------------------------------- -------------------------------------------------------------------------- Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727 d1 ------------------------------------------------------------------------ ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- How to bypass firewalls Raja (May 06)
- RE: How to bypass firewalls David Gillett (May 06)
- Re: How to bypass firewalls pasquale imperato (May 06)
- Re: How to bypass firewalls murdamcloud (May 06)
- Re: How to bypass firewalls danuxx (May 06)
- Re: How to bypass firewalls John Morrison (May 10)
- RE: How to bypass firewalls David Gillett (May 11)
- Re: How to bypass firewalls Andre Pawlowski (May 13)
- Re: How to bypass firewalls John Morrison (May 10)
- Re: How to bypass firewalls Tisiphone (May 10)
- RE: How to bypass firewalls David Gillett (May 06)
- Re: How to bypass firewalls Stephen Mullins (May 10)
- Message not available
- Re: How to bypass firewalls Stephen Mullins (May 10)
- Message not available