[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <15045.34044.qm@web162015.mail.bf1.yahoo.com>
Date: Tue, 10 May 2011 08:56:47 -0700 (PDT)
From: Bruno Cesar Moreira de Souza <bcmsouza@...oo.com.br>
To: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>,
RolandDobbins <rdobbins@...or.net>
Subject: Re: Sony: No firewall and no patches
--- On May 10, 2011, Dobbins, Roland <rdobbins@...or.net> wrote:
> On May 10, 2011, at 8:53 PM, Bruno Cesar Moreira de Souza wrote:
>
> > The stateless ACLs would not prevent ACK tunneling (http://ntsecurity.nu/papers/acktunneling/).
>
> Again, if an attacker's already in a position to do that,
> the game is already over.
The game is over for this compromised server. However, the attacker possibly wants to attack other servers in the network and then compromise sensitive database servers. If the compromised server is not behind a stateful firewll, it will be easier to create a tunnel to access unauthorised ports (such as database network services) and attack other servers. In the worst case, the attacker may be able to penetrate the internal network through this tunnel. It would be possible to create a covert channel through a stateful firewall? Yes, but if the firewall is well configured, you increase the complexity of the attack and there is more chance the attack will be detected.
Additionally, using a covert channel, the attacker can create a backdoor to keep his access. Even if the exploited vulnerability is fixed in a short time, the attacker will still be able to easily control the compromised server. And perhaps his access will keep unnoticed for a long time.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists