Re: [Full-disclosure] HTTP AUTH BASIC monowall.

From: bkfsec <bkfsec@xxxxxxxxxxxxxxxx>
Date: Wed, 15 Mar 2006 13:22:45 -0500

Simon Smith wrote:

Ok,
As suspected... so I am correct; and it is a security threat. I can
compromise a network, arp poison it, MiTM, access the firewall,
distributed metastasis, presto... owned...

Yes and no... as others have pointed out, you already have much larger problems at that point, such as the fact that your network has been totally and completely compromised from the inside in order to do the MitM in the first place... I can see some reasons why one would want to do that, but really, if you can execute a good MitM attack, there really isn't anything you can't do... once you've broken the encryption you can intercept all kinds of auth traffic and replay it.

OK - at that point, maybe you can tunnel under the SSL using another form of encryption as a wrapper for the authentication infrastructure... aside from that, there really isn't much to do... certs, shared keys, etc... these can all be grabbed from the air if the SSL traffic is MitM'ed.

Essentially, we're talking very significant owning of a network in order to simply get the firewall password. At that point, I'd think there'd be even worse things that can be done.

-bkfsec

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] HTTP AUTH BASIC monowall.
  - From: Simon Smith

References:
- [Full-disclosure] HTTP AUTH BASIC monowall.
  - From: Simon Smith
- Re: [Full-disclosure] HTTP AUTH BASIC monowall.
  - From: Tim
- Re: [Full-disclosure] HTTP AUTH BASIC monowall.
  - From: Matthijs van Otterdijk
- Re: [Full-disclosure] HTTP AUTH BASIC monowall.
  - From: Jeremy Bishop
- Re: [Full-disclosure] HTTP AUTH BASIC monowall.
  - From: Simon Smith
- Re: [Full-disclosure] HTTP AUTH BASIC monowall.
  - From: Keith
- Re: [Full-disclosure] HTTP AUTH BASIC monowall.
  - From: Simon Smith
- Re: [Full-disclosure] HTTP AUTH BASIC monowall.
  - From: Valdis . Kletnieks
- Re: [Full-disclosure] HTTP AUTH BASIC monowall.
  - From: Simon Smith
- Re: [Full-disclosure] HTTP AUTH BASIC monowall.
  - From: Michael Holstein
- Re: [Full-disclosure] HTTP AUTH BASIC monowall.
  - From: Simon Smith

Prev by Date: Re: [Full-disclosure] HTTP AUTH BASIC monowall.
Next by Date: Re: [Full-disclosure] Yahoo recommends you write down account information
Previous by thread: Re: [Full-disclosure] HTTP AUTH BASIC monowall.
Next by thread: Re: [Full-disclosure] HTTP AUTH BASIC monowall.
Index(es):
- Date
- Thread

Relevant Pages

Re: firewall ports
... > I am wondering how safe my network is with the firewall i have set up.. ... how does this compromise the security to my network if at all? ... non-standard ports, anyone can run nmap or any type of port scanner to see ...
(comp.security.firewalls)
Re: [fw-wiz] Thoughts on the new Cisco ASA 5500 firewalls
... That there is a compromise between ... What's going on is that network managers are going to put these ... "deep inspection" devices in place, feel safe, and never make any ... inspection" firewall that "knows" how to block scans. ...
(Firewall-Wizards)
Re: Root access removed
... >>The simple answer to this is that for systems connected to the internet, ... misconfigured firewall) and a root kit installed. ... >>compromise later on if the PC is connected to a network. ...
(Fedora)
firewall ports
... I am wondering how safe my network is with the firewall i have set up.. ... how does this compromise the security to my network if at all? ...
(comp.security.firewalls)
RE: can ping but not browse
... I have stopped the firewall. ... # are safed from all (security) hazards. ... firewall/bastion host to the internet ... # internet and to an internal network, ...
(Fedora)