Re: [FW-1] [fw-1] Instant Messenger bypass FW-1
All stateful firewalls and packet filtering devices will be vulnerable to this type of behavior because they use information contained in the network (ip addresses) and transport (tcp/udp/etc) to determine whether or not information should go through the firewall. Any malicious or "slippery" software will easily bypass a firewall in the outbound direction. In some cases, inbound traffic is subject to this as well. For instance, one piece of software used ICMP echo replies to communicate with "controlled" machines.

This type of thing is the domain of Intrusion Detection Systems and other devices which can decode upper layer information like some proxy servers and application firewalls (although I have not had the pleasure of using the proxy servers and app firewalls).

Security policy must clearly state that unauthorised use of the network is punishable by ".....". When you have identified the machine(s)/user(s), shut them down.

Regards

----- Original Message -----
From: "A, Kaustubh" <[email protected]>
To: <[email protected]>
Sent: Wednesday, June 12, 2002 9:04 AM
Subject: [FW-1] [fw-1] Instant Messenger bypass FW-1

> Folks,
>
> I came to know about an article of Gartner saying that there are some IM bypassing Firewall by scanning open ports.
> Has anybody tested this CP FW-1 NG? I am afraid if this is a problem with FW-1!!!
>
>
> Firewall Bypass Technology
>
>
> AOL's Instant Messenger has a uniquely slippery client that is
> designed to bypass firewall port blocking technology, making the
> product easy to configure from behind a firewall. For example, the
> AOL client will use any available port, scanning even those reserved
> for domain naming system (DNS) lookup. This technology enables
> unsophisticated users to sneak past a firewall with relative ease,
> effectively establishing breaches in the corporate firewall.
>
>
>
>
> Kaustubh A.
> Technical Consultant
> HP Services
> -----------------------------------------------------------------------------------
> 101-105 Enterprise Center, CTS#55 Off Neharu Road,
> Vile Parle (East) Mumbai 400099.
> *+91 (0) 22.616.7331 *GSM:
> *: [email protected]
> URL: http://www.ho.com/in
> -----------------------------------------------------------------------------------
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
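The reply above places this behaviour in the domain of devices that decode upper-layer information, and the quoted text mentions a client using ports reserved for DNS. As an added example (not part of the original thread and not Check Point code), the Python sketch below flags outbound port-53 payloads that do not parse as a DNS query. The function names, the flow tuple layout and all sample bytes are constructed for illustration, and each payload is assumed to be the first reassembled message of a flow.

```python
import struct

def parse_dns_question(msg: bytes) -> str:
    """Return the first question name, or raise ValueError if msg is not a DNS query."""
    if len(msg) < 12:
        raise ValueError("shorter than DNS header")
    _id, flags, qdcount = struct.unpack("!3H", msg[:6])
    # Outbound queries: QR bit clear, known opcode, exactly one question.
    if (flags & 0x8000) or ((flags >> 11) & 0xF) > 6 or qdcount != 1:
        raise ValueError("implausible DNS query header")
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("name runs past end of message")
        n = msg[pos]
        pos += 1
        if n == 0:
            break
        if n > 63 or pos + n > len(msg):
            raise ValueError("bad label length")
        labels.append(msg[pos:pos + n].decode("ascii"))  # non-ASCII raises ValueError
        pos += n
    if pos + 4 > len(msg):
        raise ValueError("missing QTYPE/QCLASS")
    return ".".join(labels)

def flag_port53_misuse(flows):
    """flows: iterable of (src_ip, proto, payload) already filtered to dst port 53."""
    alerts = []
    for src, proto, payload in flows:
        msg = payload
        if proto == "tcp":  # DNS over TCP prefixes each message with a 2-byte length
            if len(payload) < 2 or struct.unpack("!H", payload[:2])[0] != len(payload) - 2:
                alerts.append((src, "tcp length prefix mismatch"))
                continue
            msg = payload[2:]
        try:
            parse_dns_question(msg)
        except ValueError as exc:
            alerts.append((src, str(exc)))
    return alerts

# Constructed sample data: one valid query for example.com and two non-DNS payloads.
QUERY = (b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"
         b"\x07example\x03com\x00\x00\x01\x00\x01")
SAMPLE_FLOWS = [
    ("10.0.0.5", "udp", QUERY),
    ("10.0.0.5", "tcp", struct.pack("!H", len(QUERY)) + QUERY),
    ("10.0.0.9", "tcp", b"\x2a\x01\x00\x01\x00\x04\x00\x00\x00\x01"),
    ("10.0.0.9", "udp", b"GET / HTTP/1.0\r\n\r\n"),
]
```

A port-only rule would pass all four sample flows; the payload check reports only the two from 10.0.0.9.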