Re: Hacking into firewall

From: Alessandro Perilli (peris_at_tiscali.it)
Date: 07/30/03 

Date: Wed, 30 Jul 2003 15:10:34 +0200

On Wed, 30 Jul 2003 05:43:41 -0700, Ajitesh Pathak wrote:

> Hi There,
> How can I hack the security in the office and
> try and access the sites which we are denied access into??
> Ajitesh

Ajitesh,
nice to see you detailed your request in this new post :)

Basically a firewall can deny you access to web sites bythree different
methods:

1. Block any request for certain IPs
2. Evaluate your office clients HTTP requests every time are generated and
perform a comparison against a prohibited web sites database (so called
internet filtering talking about firewall action, so called content
analysis talking about firewall technology in place)
3. Specify which destination your machine (or you as user) can reach, and
prohibit any other destination.

In first two cases, both methods can be bypassed simply using a web
anonymous proxy. There are many online, free for a certain amount of
traffic volume (then you have to pay for more bandwidth), eventually
capable of hiding your real request inside an HTTPS request (to avoid
sniffers check or firewall content analysis).
Specifically in second case, some administrators, to avoid this behavior
and don't let company users walkaround firewall restrictions, put into
prohibited web sites database also this kind of web anonymous proxy sites,
so you cannot go directly for your destination and neither go for them. But
anonymous web proxies grow every day and it's very difficult to catalog and
block every of them.

In third case you cannot use this technique to avoid firewall restriction.
You should implement a personal web proxy on one resource administrator
allowed for you, but this become very complex when your resources allowed
are inside your company and not outside. Anyway this last method for block
company users is rarely used. 

-- 
Alessandro Perilli
Security Consultant / Trainer
MCT - MCSE 2000 SECURITY - LINUX+
CCSI - CCSE 2000 - CCSE+ NG
CCNA - CIWP - CIWSA - CCA XP
SECURITY+

Relevant Pages

  • Re: [Full-Disclosure] Re: Empirical data surrounding guards and firewalls.
    ... The firewall is not content filtering, thus does not stop bad requests ... connection to a webserver. ... carrying an illegal object (an illegally formed request). ...
    (Full-Disclosure)
  • Re: Excluding internal IPs from being proxied
    ... This log entry says that since I do not have firewall policy that allows web ... the request is denied. ... *correctly* treats the request as being destined to the internal network, ... The point is the request should *never* be processed by web proxy ...
    (microsoft.public.isa)
  • Re: SSL-Tunnel blocked?
    ... My guess is that something is being attempted that the Web Proxy Service ... My suggestion is to install the Firewall Client on the Workstation. ... the net into Powerpoint, ISA blocks the request, the output is shown ... I am guessing that since ISA cannot look at the traffic inside ...
    (microsoft.public.isa)
  • Windows XP SP2 Firewall API Security Questions
    ... Windows Firewall is blocking this. ... coming back from a request from in side. ... So yes, a program could try to set ports open, but only ... >about the authorized applications collection. ...
    (microsoft.public.windowsxp.security_admin)