Message-ID: <871080DEC5874D41B4E3AFC5C400611E06B47623@UTDEVS02.campus.ad.utdallas.edu>
From: pauls at utdallas.edu (Schmehl, Paul L)
Subject: How to easily bypass a firewall...
> -----Original Message-----
> From: compguruman@...l.comcast.net
> [mailto:compguruman@...l.comcast.net]
> Sent: Tuesday, July 29, 2003 11:02 AM
> To: full-disclosure@...ts.netsys.com
> Subject: RE: [Full-Disclosure] How to easily bypass a firewall...
>
> At 03:49 PM 7/28/2003 -0500, you wrote:
> >5. Firewall dialog box uses random numbers / letters represented by
> >graphics that the user has to enter in a password field if the password
> >is not correct sound alarm, halt system.
>
> know of anything that does this?
>

Would it matter? The scenario that was proposed is that there's a
trojan on the box, and it can attempt certain methods of
programmatically disabling the firewall. If there's a trojan on the
box, what does it matter? *Anything* on the box can be disabled at that
point.

If I break into a Linux box, for example, all I have to do, once I have
root, is type:

% /etc/rc.d/init.d/ipchains stop

If it's a Windows box, I just kill the service:

C:\ sc stop {firewall servicename}

Or install the pstools to do it.

The point is, once the box is owned, nothing else matters.

Paul Schmehl (pauls@...allas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/