mailing list archives
Paper: Unverified Fields - A Problem with Firewalls & Firewall Technology Today
From: "Ofir Arkin" <ofir () itcon-ltd com>
Date: Sat, 14 Oct 2000 18:47:54 +0200
The following problem (as discussed in this paper)
has not yet been identified. Certain firewalls today,
will not authenticate the validity of certain protocol
fields, within the packet they are processing.
The risk is exposure of information. What kind of
information can be exposed? Mainly it will be unique
patterns of behavior produced by the probed machines
answering our crafted queries (or other kind of network
traffic initiated in order to elicit a reply). Those
patterns will help a malicious computer attacker to
identify the operating systems in use.
In my research paper “ICMP Usage In Scanning ” I have
introduced new operating system fingerprinting methods
based on changing values inside certain fields of the
ICMP datagram. Using some of these methods I will
demonstrate the risk.
The paper is available from:
Ofir Arkin [ofir () itcon-ltd com]
Senior Security Analyst
Chief of Grey Hats
Personal Web page: http://www.sys-security.com
"Opinions expressed do not necessarily
represent the views of my employer."
For help using this (nmap-hackers) mailing list, send a blank email to
nmap-hackers-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
- Paper: Unverified Fields - A Problem with Firewalls & Firewall Technology Today Ofir Arkin (Oct 14)