Re: CRIME Ambiguities in TCP/IP - firewall bypassing

From: brvarin@private
Date: Thu Oct 24 2002 - 14:23:13 PDT


    Maybe I'm reading this wrong but this is not a new trick at all. Any
    modern (like 4 years old or newer) firewall should stop this stuff cold and
    even rudimentary IDSs will also address this. This stuff is Firewall/IDS
    101.
    
    
    Brian Varine
    Regence Blue Cross/Blue Shield
    IT Security Compliance
    503-553-1425
    
    From: "Andrew Plato" <aplato@private>@cs.pdx.edu on 10/24/2002 10:58 AM
    Sent by: owner-crime@private
    To: <crime@private>
    Subject: CRIME Ambiguities in TCP/IP - firewall bypassing
    
    Interesting BUGTRAQ article on how to  bypass some firewalls. Apparently
    all OSs respond in this manner.
    
    See link:
    http://online.securityfocus.com/archive/1/296122/2002-10-19/2002-10-25/2
    
    1. Abstract
    -----------
    There are ambiguities in implementations of the TCP/IP suite for various
    operating systems. Even if this fact has been used for a long time in
    different software for OS fingerprinting, no real attempt has been made
    to identify the security impact of the differences in the TCP/IP
    semantics. We have done some research on the TCP/IP connection open
    semantics which is of course very important for security of networked
    systems. We believe that the flaws we have detected have a big impact on
    design of firewalls and packet filters since an improper implementation
    can easily lead to serious security problems.
    -----------
    ___________________________________
    Andrew Plato, CISSP
    President /  Principal Consultant
    Anitian Corporation
    503-644-5656 Office
    503-644-8574  Fax
    503-201-0821 Mobile
    www.anitian.com
    _______________________________
    
    

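The "Firewall/IDS 101" rule both posters allude to is that a stateful filter should create connection state only for a clean SYN and drop anything else that arrives with no matching flow. The following is an added example written for this archive page, not code from either poster or from the BUGTRAQ article; the raw TCP headers, addresses and ports are constructed for the demo, and the SYN+FIN packet is used only as one instance of a SYN carrying extra flags.

```python
import struct

# TCP flag bits in the order they appear in the header flag byte.
TH_FIN, TH_SYN, TH_RST, TH_PSH, TH_ACK, TH_URG, TH_ECE, TH_CWR = (1 << i for i in range(8))
ECN_BITS = TH_ECE | TH_CWR  # may legitimately accompany a SYN during ECN negotiation


def build_tcp(sport, dport, flags, seq=0, ack=0):
    """Constructed raw TCP header (no options, no payload) for the demo."""
    offset_flags = (5 << 12) | flags  # data offset = 5 words, reserved bits zero
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, offset_flags, 65535, 0, 0)


def parse_tcp(segment):
    """Return (sport, dport, flags) from a raw TCP header."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, _seq, _ack, offset_flags = struct.unpack("!HHIIH", segment[:14])
    return sport, dport, offset_flags & 0xFF


class StrictFilter:
    """Minimal stateful filter: only a clean SYN may create a flow entry."""

    def __init__(self):
        self.flows = set()  # (src, sport, dst, dport) of accepted opens
        self.log = []       # (reason, key, flags) for every drop

    def decide(self, src, dst, segment):
        sport, dport, flags = parse_tcp(segment)
        key = (src, sport, dst, dport)
        if key in self.flows or (dst, dport, src, sport) in self.flows:
            return "accept"  # part of a flow we saw opened (either direction)
        if flags & ~ECN_BITS == TH_SYN:
            self.flows.add(key)
            return "accept"  # unambiguous connection open
        reason = "ambiguous-open" if flags & TH_SYN else "no-state"
        self.log.append((reason, key, flags))
        return "drop"


def demo():
    """Run five constructed packets through the filter; returns (verdicts, log)."""
    f = StrictFilter()
    verdicts = [
        f.decide("10.0.0.5", "10.0.0.9", build_tcp(40000, 80, TH_SYN)),            # accept
        f.decide("10.0.0.9", "10.0.0.5", build_tcp(80, 40000, TH_SYN | TH_ACK)),   # accept: reply
        f.decide("10.0.0.5", "10.0.0.9", build_tcp(40000, 80, TH_ACK)),            # accept: same flow
        f.decide("10.0.0.6", "10.0.0.9", build_tcp(40001, 80, TH_SYN | TH_FIN)),   # drop: SYN+extra flags
        f.decide("10.0.0.7", "10.0.0.9", build_tcp(40002, 80, TH_ACK)),            # drop: no flow state
    ]
    return verdicts, f.log
```

Whatever a given host's stack would do with the oddly flagged packets, the filter never lets them create state, which is what closes the class of bypass the abstract describes.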


    This archive was generated by hypermail 2b30 : Thu Oct 24 2002 - 14:49:57 PDT