RE: [inbox] Firewall Penetration Testing

From: Curt Purdy (purdy@tecman.com)
Date: Wed Sep 17 2003 - 15:02:54 EDT


My favorite method of bypassing firewalls is to access servers through open
ports like 80 that exist even on non-webservers. For instance, on Lotus
Domino, access the .nsf databases that you already know exist and where they
are, gather information that you can then use to compromise the box, and
cruise the LAN from there if not in a DMZ. Or perform SQL injection on a
SQL server and do the same. Of course the RPC holes have opened a plethora
of possibilities on firewalls with NetBIOS open.

Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions

----------------------------------------

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity czar Richard Clarke

-----Original Message-----
From: Stack Buffer [mailto:black_merkury@yahoo.com]
Sent: Wednesday, September 17, 2003 6:03 AM
To: pen-test@securityfocus.com
Subject: [inbox] Firewall Penetration Testing

Hi all,

I am new to this list, and I am working on firewall
vulnerabilities.
I strongly believe that firewalls are not enough
today against increasingly sophisticated attackers.
I have done research into IP fragmentation attacks and
I am implementing test programs based on such data.
See:
http://www.zvon.org/tmRFC/RFC1858/Output/chapter2.html.

But I still believe that other vulnerabilities may
still exist, as they say security is a continuous
process.
I hope to compile a paper detailing the procedures and
results of my research, and I would really appreciate
any pointers to current information/papers or advice.

I will be grateful for any help rendered.
Thank you.

Edward
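
Added example, not part of the original thread: a filter-side sketch of the two checks RFC 1858 (linked in the message above) gives against tiny-fragment and overlapping-fragment attacks, run against constructed IPv4 packets. The helper names, the sample addresses and the TMIN value of 16 are assumptions of this example.

```python
import struct

TCP = 6
TMIN = 16  # assumed minimum TCP bytes in a first fragment; covers the flags octet at offset 13

def build_ipv4(proto, frag_offset, more_frags, payload):
    """Constructed test data: minimal 20-byte IPv4 header (checksum left 0) plus payload."""
    flags_frag = (0x2000 if more_frags else 0) | (frag_offset & 0x1FFF)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234,
                      flags_frag, 64, proto, 0,
                      bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return hdr + payload

def rfc1858_verdict(packet):
    """Return (action, reason) for one IPv4 packet using the RFC 1858 checks."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "DROP", "not a well-formed IPv4 header"
    ihl = (packet[0] & 0x0F) * 4
    total_len, = struct.unpack("!H", packet[2:4])
    flags_frag, = struct.unpack("!H", packet[6:8])
    proto = packet[9]
    if ihl < 20 or total_len < ihl or total_len > len(packet):
        return "DROP", "inconsistent header or total length"
    fo = flags_frag & 0x1FFF          # fragment offset, in 8-octet units
    transport_len = total_len - ihl   # bytes of transport data in this fragment
    if proto != TCP:
        return "PASS", "non-TCP, outside these checks"
    if fo == 1:
        # Indirect method: a fragment at offset 8 could supply or overwrite the TCP flags.
        return "DROP", "FO=1 on TCP"
    if fo == 0 and transport_len < TMIN:
        # Direct method: the first fragment is too short to carry the TCP flags.
        return "DROP", "tiny first fragment"
    return "PASS", "ok"

def demo():
    """Run the filter over constructed samples and return the verdicts."""
    samples = {
        "full TCP header, unfragmented": build_ipv4(TCP, 0, False, b"\x00" * 20),
        "8-byte first fragment": build_ipv4(TCP, 0, True, b"\x00" * 8),
        "fragment at offset 1": build_ipv4(TCP, 1, False, b"\x00" * 8),
        "later fragment at offset 3": build_ipv4(TCP, 3, False, b"\x00" * 8),
    }
    return {name: rfc1858_verdict(pkt) for name, pkt in samples.items()}

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict[0]} ({verdict[1]})")
```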



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:40 EDT