Home page logo

Nmap Announce mailing list archives

Paper: Unverified Fields - A Problem with Firewalls & Firewall Technology Today
From: "Ofir Arkin" <ofir () itcon-ltd com>
Date: Sat, 14 Oct 2000 18:47:54 +0200

The following problem (as discussed in this paper)
has not yet been identified. Certain firewalls today,
will not authenticate the validity of certain protocol
fields, within the packet they are processing.

The risk is exposure of information. What kind of
information can be exposed? Mainly it will be unique
patterns of behavior produced by the probed machines
answering our crafted queries (or other kind of network
traffic initiated in order to elicit a reply). Those
patterns will help a malicious computer attacker to
identify the operating systems in use.

In my research paper “ICMP Usage In Scanning ” I have
introduced new operating system fingerprinting methods
based on changing values inside certain fields of the
ICMP datagram. Using some of these methods I will
demonstrate the risk.

The paper is available from:

Ofir Arkin  [ofir () itcon-ltd com]
Senior Security Analyst
Chief of Grey Hats
ITcon, Israel.

Personal Web page: http://www.sys-security.com

"Opinions expressed do not necessarily
represent the views of my employer."

For help using this (nmap-hackers) mailing list, send a blank email to 
nmap-hackers-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).

  By Date           By Thread  

Current thread:
  • Paper: Unverified Fields - A Problem with Firewalls & Firewall Technology Today Ofir Arkin (Oct 14)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]