On the point of Fragrouter being able to use fragments to bypass packet-filtering firewalls, could you not use a rule like

iptables -A INPUT -i eth0 -f -j DROP

to drop fragments on the perimeter router, thus preventing fragrouter from being able to do this? As far as I know, the only reason for fragments would be for NFS services, which I would never want to cross my perimeter router anyway.

Warwick

On Thu, 2002-07-11 at 23:06, Jeff Aufderheide wrote:
> In-Reply-To: <3D2D39C2.11150.19DF84@localhost>
>
> Hi Mr. Bremer-
> I just thought I would give some info about getting past a packet
> filtering firewall. It is not as difficult as one would think. All you
> would need is the right tool. And......that tool is called Frag Router.
> It is in my estimation that this program can get past 2/3 IDS and Packet
> filtering Devices. Although there are plans in the works to correct this
> issue by implementing an IDS system on both host and destination boxes
> (very expensive indeed).
>
> Now to answer the other gentleman's question. And, someone correct me if
> I'm wrong, but the only conceivable way to gain access to a computer
> without any services running would be gaining local access to the box
> itself and logging in as admin or a user account. From there, depending
> on which OS you want to take advantage of (for example MS2k) you could
> boot into DOS or a version of Linux and download the SAM file to a floppy
> disk. If all of your ports are closed you will not communicate to anyone
> in the world, Nothing in - Nothing out.
>
> I hope this answers your questions.
>
> V/R
>
> Jeff Aufderheide
>
> Unfortunately I can't point you to any information regarding this, but I
> can offer a little input. Cracking a machine with no services running
> would be VERY difficult indeed (I wouldn't say "impossible" though).
> Machines that are used as a packet filtering firewall fall into this
> category.
>
> What is more likely to happen than cracking the machine itself is
> finding a problem in the packet filtering rules that would allow a
> cracker unauthorized access to a host that is being protected by the
> firewall. On rare occasions, there may even be a bug in the packet
> filtering code itself that could create the same problem.
>
> Steve Bremer
>
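
The `-f` match in the rule proposed at the top of this message, shown as an added example that is not part of the original thread: iptables documents `-f` as matching only the second and further fragments of a datagram, and this sketch applies that test to constructed IPv4 headers. The helper names and the sample addresses (documentation ranges) are assumptions made for the illustration.

```python
import struct

MF = 0x2000           # "more fragments" bit in the flags/offset field
DF = 0x4000           # "don't fragment" bit
OFFSET_MASK = 0x1FFF  # 13-bit fragment offset, counted in 8-byte units

def ipv4_packet(frag_field, payload=b"\x00" * 8, proto=6):
    """Build a constructed IPv4 packet (20-byte header, checksum left at 0)."""
    header = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, 20 + len(payload), 0x1234, frag_field,
                         64, proto, 0,
                         bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return header + payload

def classify(packet):
    """Return 'unfragmented', 'first-fragment' or 'later-fragment'."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    (frag_field,) = struct.unpack_from("!H", packet, 6)
    if frag_field & OFFSET_MASK:
        return "later-fragment"
    return "first-fragment" if frag_field & MF else "unfragmented"

def matches_dash_f(packet):
    """True when `-f` would match: non-zero fragment offset only."""
    return classify(packet) == "later-fragment"

# Constructed samples: one whole datagram and a three-fragment datagram.
SAMPLES = {
    "whole": ipv4_packet(DF),
    "frag0": ipv4_packet(MF | 0),   # carries the transport header
    "frag1": ipv4_packet(MF | 1),
    "frag2": ipv4_packet(2),        # last fragment, MF clear
}

def surviving(samples):
    """Names of the packets that a `-f -j DROP` rule lets through."""
    return [name for name, pkt in samples.items() if not matches_dash_f(pkt)]

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:6} {classify(pkt):15} dropped={matches_dash_f(pkt)}")
    print("pass to later rules:", surviving(SAMPLES))
```

The first fragment is not matched by `-f`, so it is still evaluated by the remaining rules, while the datagram as a whole cannot be reassembled once its later fragments are dropped. On a router, forwarded traffic traverses the FORWARD chain rather than INPUT, so a rule in INPUT covers only packets addressed to the router itself.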
