-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> -----Original Message-----
> From: Dean Michael Dorman [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, July 10, 2001 3:08 PM
> 
> ahhh, I see.  I didn't see the first post, just the one titled
> 'Hacking FW-1 programs'.
>  
> I still would be interested in knowing if such tools exist and how
> to prevent the circumvention....not just on Fw-1 either.  I guess
> it points back to the admin's config.


If we are talking about user authentication to be able to browse the
web, then I would say, yes, there are tools available that try to
brute-force the password. I know of one very famous one that can
brute-force GET and POST requests. It can also be used for brute
forcing Client Authentication, if that's what the firewall in
question is using (assuming a FW-1). Depending on your user database
on the backend, if no lock-outs are specified, and no
challenge-response system is used, then it should be just a matter of
time until he brutes himself through someone else's account.

Frank


-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.8
Comment: PGP or S/MIME encrypted email preferred.

iQA/AwUBO0t0V5ytSsEygtEFEQJVzwCfTdj1PV2bEr+7WxUXR6NjQeTpvFQAoO/x
ix7CnEiBC+F8R8S82Q4HjSX/
=ogps
-----END PGP SIGNATURE-----
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
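
Added example, not part of the original message or of any firewall product's code: a per-account lock-out of the kind the reply says must be specified on the user database, replayed over constructed login events. The class name, thresholds and event format are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

MAX_FAILURES = 5        # assumed policy: failures tolerated per window
WINDOW_SECONDS = 300    # assumed sliding window
LOCKOUT_SECONDS = 900   # assumed lock-out duration


class LockoutPolicy:
    """Per-account lock-out for an authentication front end (hypothetical)."""

    def __init__(self, max_failures=MAX_FAILURES, window=WINDOW_SECONDS,
                 lockout=LOCKOUT_SECONDS):
        self.max_failures = max_failures
        self.window = window
        self.lockout = lockout
        self.failures = defaultdict(deque)   # user -> recent failure times
        self.locked_until = {}               # user -> time the lock expires

    def record(self, user, success, now):
        """Return 'locked', 'ok' or 'denied' for one login attempt."""
        if self.locked_until.get(user, 0) > now:
            return "locked"          # refused before the password is checked
        if success:
            self.failures.pop(user, None)
            return "ok"
        recent = self.failures[user]
        recent.append(now)
        while recent and recent[0] <= now - self.window:
            recent.popleft()         # forget failures outside the window
        if len(recent) >= self.max_failures:
            self.locked_until[user] = now + self.lockout
            recent.clear()
        return "denied"


def replay(events, policy=None):
    """Run constructed (time, user, success) events through the policy."""
    policy = policy or LockoutPolicy()
    return [policy.record(user, ok, t) for t, user, ok in events]


# Constructed sample: six wrong guesses two seconds apart, then the right
# password. Once the account is locked, the correct guess is refused too.
SAMPLE = [(t, "alice", False) for t in range(0, 12, 2)] + [(12, "alice", True)]

if __name__ == "__main__":
    print(replay(SAMPLE))
```

The fifth failure inside the window locks the account, so the later attempts are rejected regardless of the password supplied until the lock expires.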
