Firewall Wizards: Re: Facts, not Fiction

Re: Facts, not Fiction

From: Marcus J. Ranum <mjr_at_nfr.net>
Date: Fri, 07 Nov 1997 23:46:52 -0500

>Has any of the _current_ firewall-implementations of the major vendors
>(TIS, Checkpoint, Raptor) on any Platform been cracked (compromised or
>broken into)?

Yes. :) But in every case that I've heard of, it's usually found by
insiders first, or outside business partners with deep internal
access to the software. There have been flaws of one sort or
another in many of the top firewall products, and generally they
are quietly fixed pretty quickly.

>That is: Even though the setup was flawless, is there a known DOS-Attack
>against these systems, can they be manipulated or do they pass data they
>are not supposed to pass etc?

Denial of service attacks have been known to work on several
of the proxy type firewalls (which usually rely more on the
vendor's provided IP stack) -- but just about *ANYTHING* seems
to be vulnerable to some sort of denial of service attack. The
more interesting problems are the ones where the firewall
may start to pass data it's not supposed to -- those are less
common bugs but they have happened as well.

The vast bulk of firewall break-ins has to do with misconfigurations
ranging from installing them backwards (!) to more subtle forms
of the incoming traffic problem. The bulk of compromises are
because of too much traffic being allowed back and forth (usually
in) to servers that are insecure. In general these break down
into classes of incoming traffic problem or transitive trust. There
are no statistics I can point at that enumerate what's been
happening; CSI has some numbers I believe they are about
to publish, but they're based on blind surveys and perforce
are not detailed.

Before you ask: no, I will not be forthcoming about details. The
vendors in question fixed things right away but some of their
existing customers may be running older versions; describing
problems would be doing them a huge disservice. Since I'm
not going to go into details, I won't be insulted if you choose
to believe I've got no idea what I'm talking about.

mjr.

--
Marcus J. Ranum, CEO, Network Flight Recorder, Inc.
work - http://www.nfr.net
home - http://www.clark.net/pub/mjr
Received on Nov 07 1997