|
Posted by Art on September 20, 2005, 12:35 pm
If you were Registered and logged in, you could reply and use other advanced thread options
Volker Birk has created a english language version of his POC
of tunneling software firewalls. The idea is to demonstrate
how easy it is to bypass firewalls from the inside, so to speak,
and transmit data to a remote site without the user's permission,
and without creating a alert from the firewall. The demo exe file
can be downloaded from:
http://www.dingens.org/breakout-en.exe
It's quite unpolished, and you have to have IE started and minimized
first in order to see a message displayed (in IE). Furthermore, in
order to see evidence that indeed packets are sent (to some IP number
that traces to RIPE in Amsterdam) you have to have some packet logging
sw running as well. Actually, I found that Sygate's traffic log
records the incident. So it's not necessarily that the fw is blind to
the incident. It's a matter that average users .... who depend on
their sw firewall to alert them and protect them from Trojans and
spyware calling out ... will be oblivious.
Art
http://home.epix.net/~artnpeg
| 
XML site map