WebApp Sec mailing list archives

XML Port Scanning


From: "Paul Theriault" <paul.theriault () sift com au>
Date: Wed, 27 Sep 2006 14:18:40 +1000

SIFT has released a new Intelligence Report that provides a discussion on a
new network reconnaissance technique, using XML for completing remote port
scans that effectively bypass a perimeter firewall. The technique utilises
properties of XML parsers to perform the scanning of systems, and while the
technique relies on some reasonably specific implementation details in order
to be exploitable remotely, it is potentially applicable to any application
that accepts XML document inputs.

Several workarounds exist and have been detailed in this paper and the
technique does not offer the ability to perform advanced fingerprinting or
analysis of the underlying operating system of hosts. However, this
technique demonstrates the danger that inadequately configured XML parsers
can pose to an organisation and highlights the inability of traditional
network security devices to handle application-level threats.

The report is available for download from the SIFT website:
http://www.sift.com.au/36/172/xml-port-scanning-bypassing-restrictive-perimeter-firewalls.htm


Regards,
Paul Theriault
www.sift.com.au
