Full Disclosure: Re: Sony: No firewall and no patches

[Bruno Cesar Moreira de Souza <bcmsouza () yahoo com br>]

--- On May 10, 2011, Dobbins, Roland <rdobbins () arbor net> wrote:

> On May 10, 2011, at 8:53 PM, Bruno Cesar Moreira de Souza wrote:
>
> > The stateless ACLs would not prevent ACK tunneling (http://ntsecurity.nu/papers/acktunneling/). 
> Again, if an attacker's already in a position to do that,
> the game is already over.
The game is over for this compromised server. However, the attacker possibly wants to attack other servers in the 
network and then compromise sensitive database servers. If the compromised server is not behind a stateful firewll, it 
will be easier to create a tunnel to access unauthorised ports (such as database network services) and attack other 
servers. In the worst case, the attacker may be able to penetrate the internal network through this tunnel. It would be 
possible to create a covert channel through a stateful firewall? Yes, but if the firewall is well configured, you 
increase the complexity of the attack and there is more chance the attack will be detected.

Additionally, using a covert channel, the attacker can create a backdoor to keep his access. Even if the exploited 
vulnerability is fixed in a short time, the attacker will still be able to easily control the compromised server. And 
perhaps his access will keep unnoticed for a long time.



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/