RE: Bypassing firewall

From: Eckhardt, H.J.R. - DTOMLD (HJR.Eckhardtat_private)
Date: Tue Feb 01 2000 - 07:01:47 PST


    Not true!
    
    Your example is not using a proxy-based firewall; you are using the
    transparent DNS port. If you force the DNS through a proxy process, as it
    should on a proxy-based firewall (hidden DNS or similar) (no transparent
    connection at all), then this trick will not work.
    
    Regards, H.
    
    
    -----Original Message-----
    From: Robert Purdy [mailto:liteyearat_private]
    Sent: Sunday, 30 January 2000 12:31
    To: firewall-wizardsat_private
    Subject: RE: Bypassing firewall
    
    
    Hi,
    Try this, it's from the Linux HOWTOs, under firewalls
    15. Defeating a Proxy Firewall
    Just to spoil your day, and keep you on your toes about security, I'll
    describe how easy it is to defeat a proxy firewall.
    
    Let's say you have done everything in this document and have a very secure
    server and network. You have a DMZ and no one can get into your network and
    you are logging every connection made to the outside world. You make all
    your users go through a proxy and the only service you allow to go direct to
    the outside is DNS (port 53).
    
    One port, that is all it takes to make a firewall worthless. Here is how it
    is done.
    
    Start by setting up a Linux box somewhere outside your LAN. A good choice
    would be a box at home connected to the Internet through a cable modem.
    
    Ask your ISP for three IP numbers. Most cable companies will provide up to
    three.
    
    On this box you need to install the client part of a Virtual Private Network
    (vpn). See: http://sunsite.auc.dk/vpnd/
    
    Now set up the server side of the VPN with another Linux box. Connect this
    server to its client through port 53. Turn on routing and forwarding and
    put an unused IP number you got from your ISP on its LAN port.
    
    Finally, on a workstation on the private LAN, change the default gateway to
    point to the vpn servers and add the third IP number to its LAN port.
    
    Now, from this workstation, you can go anywhere. The only thing the firewall
    admin will see is a really long DNS lookup.
    
    Now, take over the world!
    
    Cheers,
    Rob Purdy
    WAN Consultant
    Datacom Systems Ltd.
    Auckland, New Zealand
    
    -----Original Message-----
    From: owner-firewall-wizardsat_private
    [mailto:owner-firewall-wizardsat_private]On Behalf Of Kaptain
    Sent: Thursday, 27 January 2000 13:45
    To: Riley, Steven
    Cc: 'firewall-wizardsat_private'
    Subject: RE: Bypassing firewall
    
    
    It's article 52-16.
    
    -K
    
    
    On Tue, 25 Jan 2000, Riley, Steven wrote:
    
    > Phrack 56-16 had a good article on what you suggested. I think the article
    > was called 'Piercing a Firewall'.
    >
    >
    > -----Original Message-----
    > From: Mailing Lists [mailto:mlistat_private]
    > Sent: 23 January 2000 16:06
    > To: firewall-wizardsat_private
    > Subject: Bypassing firewall
    >
    >
    > Hi!
    >
    > Back where I work, we are using a firewall that blocks everything coming in,
    > and gives internal users permission to use the www, ftp, pop and mail
    > ports.  (no icq, no aol, no nothing else).
    >
    > But I overheard one of my users bragging that he bypassed the firewall
    > using two linux machines doing port redirection.
    >
    > I did a little research on this and the most plausible way I found is that
    > he is running a linux inside the firewall which grabs everything on a
    > certain port (let's say the icq server port), then forwards it through port
    > 80 to another linux box outside the firewall which makes the actual call to
    > the icq server on the right port.  Is that possible?  Are there any other
    > alternatives he can be using?
    >
    > btw, I don't know what the firewall used is, I'm the sysadm for my
    > division, but we are using the corporate firewall.
    >
    > Thanks!
    >
    >
    >
    >
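A defender's check for the pattern discussed in this thread, as an added example that is not part of any poster's message: it reviews firewall flow records for port-53 traffic that does not come from the approved resolver, or that is too long-lived or too large to be a lookup. The record format, addresses and thresholds are constructed assumptions.

```python
import csv
import io

# Assumption: only these internal resolvers may send port-53 traffic outside.
APPROVED_RESOLVERS = {"10.0.0.53"}
MAX_SECONDS = 30        # assumed ceiling for one DNS exchange
MAX_BYTES = 64 * 1024   # assumed ceiling for bytes on one port-53 flow

# Constructed flow records (not real logs): src,dst,proto,dport,seconds,bytes
SAMPLE_FLOWS = """\
10.0.0.53,198.51.100.7,udp,53,1,412
10.0.0.53,198.51.100.7,tcp,53,2,9120
10.0.4.21,203.0.113.40,udp,53,14400,88301544
10.0.4.22,198.51.100.7,udp,53,1,380
10.0.0.53,203.0.113.99,tcp,53,7200,5242880
10.0.4.21,192.0.2.80,tcp,80,600,700000
"""

def parse_flows(text):
    """Turn CSV flow lines into dicts with numeric fields converted."""
    fields = ["src", "dst", "proto", "dport", "seconds", "bytes"]
    for row in csv.DictReader(io.StringIO(text), fieldnames=fields):
        for key in ("dport", "seconds", "bytes"):
            row[key] = int(row[key])
        yield row

def review_port53(flows):
    """Return (flow, reasons) for port-53 flows that break policy or limits."""
    findings = []
    for flow in flows:
        if flow["dport"] != 53:
            continue
        reasons = []
        if flow["src"] not in APPROVED_RESOLVERS:
            reasons.append("direct-dns")      # bypasses the proxied resolver
        if flow["seconds"] > MAX_SECONDS:
            reasons.append("long-lived")      # the "really long DNS lookup"
        if flow["bytes"] > MAX_BYTES:
            reasons.append("high-volume")
        if reasons:
            findings.append((flow, reasons))
    return findings

if __name__ == "__main__":
    for flow, reasons in review_port53(parse_flows(SAMPLE_FLOWS)):
        print(flow["src"], "->", flow["dst"], ",".join(reasons))
```

The fifth sample record shows why the duration and volume checks still matter once DNS is forced through a resolver: the source is approved, but the flow is not lookup-sized.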
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:59:52 PDT