Enemy of the State (breaking Stateful Inspection based fw's)

From: J. Oquendo (sil_at_infiltrated.net)
Date: 12/11/04

  • Next message: just-a-nick_at_gmx.net: "Exploiting network services question"
    Date: Fri, 10 Dec 2004 22:00:28 -0500 (EST)
    To: vuln-dev@securityfocus.com
    
    

    Conceptual, theoretical, proof of concept thought on breaking Stateful
    Inspection based failover firewall sessions. Still working on this, and
    will re-do the wording when I have some free downtime but thought others
    would like to get an idea of how it might/can be broken...

    http://www.infiltrated.net/enemyofthestate.html

    Might do some POC codework when I have some spare time, but what I would
    really like are some packet dumps of Stateful sessions under different
    firewalls. X'd out address dumps would be nice.

    =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
    J. Oquendo
    GPG Key ID 0x51F9D78D
    Fingerprint 2A48 BA18 1851 4C99

    CA22 0619 DB63 F2F7 51F9 D78D
    http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x51F9D78D

    sil @ politrix . org http://www.politrix.org
    sil @ infiltrated . net http://www.infiltrated.net

    "How can we account for our present situation unless we
    believe that men high in this government are concerting
    to deliver us to disaster?" Joseph McCarthy "America's
    Retreat from Victory"


  • Next message: just-a-nick_at_gmx.net: "Exploiting network services question"