Security Basics mailing list archives

Re: How to bypass firewalls
From: Tisiphone <tisiphne () gmail com>
Date: Thu, 6 May 2010 16:54:06 -0500

Depending on what exactly you want to pass in which direction, don't
forget about tunneling over basic permitted protocols, for example,
tunneling HTTP over DNS (as with Ozymandias or NSTX).

On Thu, May 6, 2010 at 3:47 PM,  <danuxx () gmail com> wrote:
Not an expert on this topic but I know a common way to do so by taking advantage of protocols' behaviour and stateful inspection design.

So let's say that the firewall has stateful inspection for ftp and IRC protocols, you can inject ftp PORT commands during ftp sessions to fool the firewall into thinking that it is an IRC transaction and since this protocol uses peer to peer connections the firewall will automatically open any port needed by the IRC server (attacker) to the chat client (victim).

Although this flaw has been patched by the Netfilter team, it definitely constitutes a sexy way to bypass firewalls.

Google "phrack breaking through a firewall".
Sent via BlackBerry from Danux Network

-----Original Message-----
From: Raja <raja1.it.consultant () gmail com>
Date: Thu, 06 May 2010 09:32:35
To: <security-basics () securityfocus com>
Subject: How to bypass firewalls

Hi,

Can anybody let me know the available methods for bypassing a firewall for
all kinds of traffic?

Thanks,
Raja
