Re: pushing exploits through the Firewall

From: Amin Tora (amintora@gmail.com)
Date: Wed Mar 01 2006 - 11:27:44 EST


> On 2/12/06, Mike Gilligan <mikewgilligan@hotmail.com> wrote:
> > Hi group
> > Say a pentester manages to discover a vulnerable version of BIND running on
> > an external DNS server and has successfully sourced an exploit for the vuln.
> > I'm curious how it would be possible to launch the exploit against the
> > server when a packet filtering device and stateful inspection Firewall sit
> > between the pentester and the vuln host. It would seem at first glance that
> > this is not a viable option. How else might one go about exploiting the
> > vuln?
> >
> > Mike

Use "smuggling" attack tricks. I haven't seen anything specific for
UDP-based smuggling for DNS, but there's a lot of documentation on
HTTP-based attacks (google Watchfire Smuggling) from which you can
glean ideas.

Look in the DNS RFCs for the rules, and try different manipulations
of the DNS protocol to bypass firewalls/IPS with "intelligence" ...
SOMETIMES <grin> security devices "assume" ... ;)

--
Amin Tora
http://www.int0x21.com
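The "security devices assume" point above, as an added example that is not part of the original post or the poster's work: a DNS query builder that can append bytes the header does not account for, beside two models of an inspecting device. The header-only filter trusts the QR bit and QDCOUNT; the strict one walks every section the header announces (RFC 1035 wire format) and requires the message to end exactly where the last record ends. The packets and the trailing bytes are constructed here for illustration and stand in for any opaque data; nothing about a particular BIND version or exploit is implied.

```python
import struct

# Header = ID, FLAGS, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT (RFC 1035 section 4.1.1).
HEADER_FMT = "!HHHHHH"
QR_BIT = 0x8000


def encode_name(name: str) -> bytes:
    """Encode a dotted name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.strip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("label length must be 1..63")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(qname: str, txid: int = 0x1234, qtype: int = 1,
                extra_records: tuple = (), trailer: bytes = b"") -> bytes:
    """One-question query. extra_records go in the Additional section and are
    counted in ARCOUNT; trailer bytes are appended and counted nowhere."""
    header = struct.pack(HEADER_FMT, txid, 0x0100, 1, 0, 0, len(extra_records))
    question = encode_name(qname) + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN
    return header + question + b"".join(extra_records) + trailer


def header_only_inspect(pkt: bytes) -> bool:
    """Models a filter that only checks the header: QR=0 and exactly one question."""
    if len(pkt) < 12:
        return False
    _txid, flags, qd, _an, _ns, _ar = struct.unpack(HEADER_FMT, pkt[:12])
    return (flags & QR_BIT) == 0 and qd == 1


def _read_name(pkt: bytes, off: int) -> int:
    """Walk one name; return the offset just past it. Rejects compression
    pointers (not expected in a query) and over-long labels or names."""
    total = 0
    while True:
        if off >= len(pkt):
            raise ValueError("truncated name")
        n = pkt[off]
        off += 1
        if n == 0:
            return off
        if n & 0xC0:
            raise ValueError("compression pointer not accepted here")
        if n > 63:
            raise ValueError("label too long")
        total += n + 1
        if total > 255:
            raise ValueError("name too long")
        off += n


def strict_inspect(pkt: bytes) -> bool:
    """Parse every section the header announces and require that the message
    ends exactly where the last record ends, so no unaccounted bytes pass."""
    try:
        if len(pkt) < 12:
            return False
        _txid, flags, qd, an, ns, ar = struct.unpack(HEADER_FMT, pkt[:12])
        if flags & QR_BIT:
            return False
        off = 12
        for _ in range(qd):
            off = _read_name(pkt, off) + 4          # QTYPE, QCLASS
            if off > len(pkt):
                return False
        for _ in range(an + ns + ar):
            off = _read_name(pkt, off)
            if off + 10 > len(pkt):
                return False
            _t, _c, _ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
            off += 10 + rdlen
            if off > len(pkt):
                return False
        return off == len(pkt)
    except ValueError:
        return False


# Constructed sample packets (illustrative only).
CLEAN = build_query("example.com")
# A legitimate EDNS0 OPT record (RFC 6891): root name, type 41, UDP size 4096.
OPT_RECORD = b"\x00" + struct.pack("!HHIH", 41, 4096, 0, 0)
WITH_OPT = build_query("example.com", extra_records=(OPT_RECORD,))
# Same valid header and question, followed by 65 bytes the header never mentions.
SMUGGLED = build_query("example.com", trailer=b"\x00" + b"A" * 64)


def verdicts(pkt: bytes) -> tuple:
    """(header_only_inspect, strict_inspect) for one packet."""
    return header_only_inspect(pkt), strict_inspect(pkt)


if __name__ == "__main__":
    for name, pkt in (("clean", CLEAN), ("with_opt", WITH_OPT), ("smuggled", SMUGGLED)):
        print(name, len(pkt), "bytes ->", verdicts(pkt))
```

The header-only model passes the trailing-bytes packet because nothing it checks is wrong; the strict model rejects it because the walk stops 65 bytes short of the end. Real devices sit somewhere between the two, and the RFC is the only reliable statement of which of their shortcuts are assumptions.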


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:35 EDT