RE: [inbox] Firewall Penetration Testing

From: Curt Purdy (purdy_at_tecman.com)
Date: 09/17/03

    To: "'Stack Buffer'" <black_merkury@yahoo.com>, <pen-test@securityfocus.com>
    Date: Wed, 17 Sep 2003 14:02:54 -0500
    
    

    My favorite method of bypassing firewalls is to access servers through open
    ports like 80 that exist even on non-webservers. For instance, on Lotus
    Domino, access the .nsf databases that you already know exist and where they
    are, gather information that you can then use to compromise the box, and
    cruise the LAN from there if not in a DMZ. Or perform SQL injection on a
    SQL server and do the same. Of course the RPC holes have opened a plethora
    of possibilities on firewalls with NetBIOS open.

    Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
    Information Security Engineer
    DP Solutions

    ----------------------------------------

    If you spend more on coffee than on IT security, you will be hacked.
    What's more, you deserve to be hacked.
    -- former White House cybersecurity czar Richard Clarke

    -----Original Message-----
    From: Stack Buffer [mailto:black_merkury@yahoo.com]
    Sent: Wednesday, September 17, 2003 6:03 AM
    To: pen-test@securityfocus.com
    Subject: [inbox] Firewall Penetration Testing

    Hi all,

    I am new to this list, and I am working on firewall
    vulnerabilities.
    I strongly believe that firewalls are not enough
    today against increasingly sophisticated attackers.
    I have done research into IP fragmentation attacks and
    I am implementing test programs based on such data.
    See:
    http://www.zvon.org/tmRFC/RFC1858/Output/chapter2.html.

    But I still believe that other vulnerabilities may
    still exist; as they say, security is a continuous
    process.
    I hope to compile a paper detailing the procedures and
    results of my research, and I would really appreciate
    any pointers to current information/papers or advice.

    I will be grateful for any help rendered.
    Thank you.

    Edward



