> "Per Gustav Ousdal" <[EMAIL PROTECTED]> asks:
> >Does anyone have any information on, or pointers to resources documenting
> >successful attacks on "good" (can't be too good, huh?) firewall
> >implementations?
>
> The biggest problems I've seen with firewalls (even "good" ones)
> have to do with the "incoming traffic problem" - in which some
> kind of traffic is allowed to a system behind the firewall, which
> is then compromised via that traffic. See:
>
> http://www.clark.net/pub/mjr/pubs/debate/sld012.htm

Mmm, yummy, but where is the *.ps version? U C I am surfing on my cell phone for the
time being (don't like to stay connected to read webpages for obvious reasons. BTW: This
is also my excuse for using windoze/Outlook Express to post this ;)

> for an illustration of what's going on. With the way that most
> firewalls work, and most sites deploy them, breaking into the
> firewall itself would be unnecessarily hard compared to the
> difficulty of breaking into a web server, exchange server, notes
> server, whatever behind it.

Yup, another reason for breaking into the servers could be the motivation of the
person doing it: E.g. if he is looking for interesting stuff (data, etc.) there isn't
likely to be much on the firewall (Or script kiddies who want to compromise anything).
If he/she is looking for the "ultimate challenge" (kicks) it might make sense to (try
to) attack the FW. But even then (FW is the target) I imagine that in most cases it
might be easier to attack it from the inside, thus he/she might want to compromise one
of the servers first, and then use it to launch an attack on the FW. Does my thinking
here make sense? The idea is that there is usually a tighter policy on incoming
traffic than outgoing (usually more trust on the inside). Also, these hosts are more
likely to provide the attacker with useful tools (or if they are properly configured
bastion hosts, they will in most cases still provide a much better environment for the
attacker to run tools than a FW). Comments?

U C I am just a simple newbie trying to learn something about firewalls, and security
in general. So far I've learnt that to have a clue when it comes to this you have to
be able to "think" & reason. That's what I am trying to do above, in order to learn
more about these topics.

Regards,
Per