lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
From: pauls at utdallas.edu (Schmehl, Paul L)
Subject: How to easily bypass a firewall...

> -----Original Message-----
> From: compguruman@...l.comcast.net 
> [mailto:compguruman@...l.comcast.net] 
> Sent: Tuesday, July 29, 2003 11:02 AM
> To: full-disclosure@...ts.netsys.com
> Subject: RE: [Full-Disclosure] How to easily bypass a firewall...
>
> At 03:49 PM 7/28/2003 -0500, you wrote:
> >5. Firewall dialog box uses random numbers / letters represented by 
> >graphics that the user has to enter in a password field if 
> the password 
> >is not correct sound alarm, halt system.
> 
> know of anything that does this?
> 
Would it matter?  The scenario that was proposed is that there's a
trojan on the box, and it can attempt certain methods of
programmatically disabling the firewall.  If there's a trojan on the
box, what does it matter?  *Anything* on the box can be disabled at that
point.

If I break in to a Linux box, for example, all I have to do, once I have
root, is type:
% /etc/rc.d/init.d/ipchains stop

If it's a Windows box, I just kill the service:
C:\ sc stop {firewall servicename}

Or install the pstools to do it.

The point is, once the box is owned, nothing else matters.

Paul Schmehl (pauls@...allas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ