[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FW-1] firewall exploit and stateful packet inspection
Anyone have any ideas about how the effects of the "firewall" exploit would
effect a stateful packet analyzer firewall. Something like NetGears FR314,
etc...
---
Below is taken from the article
http://www.theregister.co.uk/content/55/22788.html
---
Security researchers have highlighted a potential shortcoming
with personal firewall products.
To alert users of the presence of a Trojan or privacy threatening
program running on their systems, personal firewalls have been
adapted so they monitor and block outbound traffic (as well as
blocking inbound network traffic).
If a malicious program becomes active a user will be alerted and
the application will be blocked by a personal firewall (unless a
user is daft enough to agree that it should be able to access the
Internet, of course).
This would normally stop a Trojan sending out data (which might
be your passwords) disguised as HTTP traffic on port 80.
However if a malicious program modifies a DLL used by Internet
Explorer to make an outbound connections to port 80 on its behalf
then this protection is bypassed.
Security researcher Robin Keir, has developed a proof-of-concept
tool, called FireHole, which illustrates how the trick can fool
personal firewalls (such as Zone Alarm, Norton Personal Firewall
and Black Ice Defender).
===============================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
===============================================