Security Basics mailing list archives
Re: Firewall question - how easy is it to get thru - Proof
From: krymson () gmail com
Date: Wed, 23 Feb 2011 12:25:30 -0700
Summary: You're never really attacking the firewall directly itself, or beating it. You're going through or around it. This isn't an IPS that you can fragment through, spoof, or fool. Modern firewalls are often just allow or drop. The proper response to a demo of an attack is to first talk about firewalls (and patches), but there's obviously more to it than firewall==solution.

Long version: I think it might be best to make some assumptions here.

1- You have 3 different attacks you can send to a server using Metasploit.
2- One of those attacks hits IIS 5.0.
3- The other 2 attack the server, say using MS08-067 or something similar which uses port 445,135-139...
4- You put up a network firewall between yourself and the server that acts like a normal, properly configured firewall would. It allows ports 80/443 so the web server can do its business, and it blocks everything else.

In this situation, how long would it take you to bust through the firewall and take over the server?

For the IIS 5.0 attack, you'll still always be able to launch your attack and upload files. If the firewall blocks all outbound initiated connections *from* the web server back to you, you might be able to stop shell access or other callback methods. If your backdoor takes place from your system to the web server over 80/443, that will still be allowed.

For the other attacks, the firewall will always cause them to fail because it is just not letting you through those ports.

If there are exceptions, for instance say someone at home wants those ports open to them on their home IP address. You *could* spoof their IP address and do some damage. If you're somewhere else in the world, you could send inbound traffic, but you won't get anything back because the responses will go to the legit IP. But if you get right outside the firewall, you can grab the responses before they get out.

In a lab or local network, this works nicely to demonstrate spoofing issues, but in the real world of the Internet, attacks almost never are close enough to make such an attack a reality. Of course, if you're close enough to the firewall (in a lab or the local network) you can do other things. The more time you have, the more interesting those options get...
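The allow-or-drop behaviour described in the message above, as an added example that is not part of the original post: a minimal model of a stateful filter showing which of the described flows pass, and why blocking server-initiated outbound connections matters. All addresses, port numbers other than 80/443/445, and names are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed addresses (documentation ranges), not from the original post.
SERVER, OUTSIDER, HOME_ADMIN = "192.0.2.10", "198.51.100.7", "203.0.113.5"

@dataclass(frozen=True)
class Packet:
    src: str            # source IP as written in the header (can be forged)
    dst: str
    dport: int
    sport: int = 40000

@dataclass
class Firewall:
    server: str
    open_ports: frozenset = frozenset({80, 443})
    exceptions: dict = field(default_factory=dict)   # source IP -> extra ports
    allow_egress_new: bool = False                   # may the server dial out?
    conntrack: set = field(default_factory=set)

    def inbound(self, p):
        """New connection from outside: decided on header fields only."""
        ok = p.dst == self.server and (
            p.dport in self.open_ports
            or p.dport in self.exceptions.get(p.src, ()))
        if ok:
            self.conntrack.add((p.src, p.sport, p.dst, p.dport))
        return "allow" if ok else "drop"

    def outbound(self, p):
        """Replies to tracked flows pass; new flows depend on egress policy."""
        is_reply = (p.dst, p.dport, p.src, p.sport) in self.conntrack
        return "allow" if is_reply or self.allow_egress_new else "drop"

def run_scenarios():
    fw = Firewall(server=SERVER, exceptions={HOME_ADMIN: {445}})
    forged = Packet(HOME_ADMIN, SERVER, 445)  # header claims the excepted IP
    return {
        "web_80": fw.inbound(Packet(OUTSIDER, SERVER, 80)),
        "smb_445": fw.inbound(Packet(OUTSIDER, SERVER, 445)),
        "web_reply": fw.outbound(Packet(SERVER, OUTSIDER, 40000, sport=80)),
        "server_dials_out": fw.outbound(Packet(SERVER, OUTSIDER, 4444, sport=50000)),
        "forged_src_445": fw.inbound(forged),
        # The server answers the address in the header, i.e. the legit host.
        "forged_reply_goes_to": forged.src,
    }

if __name__ == "__main__":
    for name, verdict in run_scenarios().items():
        print(f"{name:22} {verdict}")
```

The filter never inspects what travels over port 80, which is why patching the web server and restricting outbound-initiated connections are separate controls from the port policy.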