Re: Cracking a server without services

From: Jeff Aufderheide (j.aufderheide@attbi.com)
Date: 07/12/02


Date: 11 Jul 2002 22:06:09 -0000
From: Jeff Aufderheide <j.aufderheide@attbi.com>
To: security-basics@securityfocus.com


In-Reply-To: <3D2D39C2.11150.19DF84@localhost>

Hi Mr. Bremer,
I just thought I would give some info about getting past a packet
filtering firewall. It is not as difficult as one would think. All you
would need is the right tool, and that tool is called Frag Router.
It is my estimation that this program can get past 2/3 of IDS and packet
filtering devices. Although there are plans in the works to correct this
issue by implementing an IDS system on both host and destination boxes
(very expensive indeed).

Now to answer the other gentleman's question. And, someone correct me if
I'm wrong, but the only conceivable way to gain access to a computer
without any services running would be gaining local access to the box
itself and logging in as admin or a user account. From there, depending
on which OS you want to take advantage of (for example MS2k), you could
boot into DOS or a version of Linux and download the SAM file to a floppy
disk. If all of your ports are closed you will not communicate with anyone
in the world: nothing in, nothing out.

I hope this answers your questions.

V/R

Jeff Aufderheide

Unfortunately I can't point you to any information regarding this, but I
can offer a little input. Cracking a machine with no services running
would be VERY difficult indeed (I wouldn't say "impossible" though).
Machines that are used as a packet filtering firewall fall into this
category.

What is more likely to happen than cracking the machine itself is
finding a problem in the packet filtering rules that would allow a
cracker unauthorized access to a host that is being protected by the
firewall. On rare occasions, there may even be a bug in the packet
filtering code itself that could create the same problem.

Steve Bremer
