Firewall Bypass
Results 1 to 8 of 8

Thread: Firewall Bypass

  1. #1
    Member
    Join Date
    Jun 2002
    Posts
    30

    Firewall Bypass

    Ive heard that the more destructive hackers out there can flood a system with fragmented IGMP packets and crash a firewall and if this is true why dont vendors put a block on this?

  2. #2
    Banned
    Join Date
    Apr 2002
    Posts
    69
    They have, alot of firewalls just drop incomplete or fragmented packets.

  3. #3
    Senior Member
    Join Date
    Jul 2002
    Posts
    112
    it's not the fragmented ICMP packet you have to worry about it is not DDoS attacks or DRDoS attack which are more of a problem. Check oout GRC.COM website to read Steve Gibson''s article on both of these attacks on his net by some folks. It is VERY informative...

    Here's the link

    http://grc.com/dos/drdos.htm
    My other Computer is a 4000 node Beowulf Custer

  4. #4
    Member
    Join Date
    Sep 2001
    Posts
    56
    DoS attacks on a firewall don't bypass them; they completely destroy them. it's a very noisy technique, and that is what many unskilled attackers do. if you want to know some quieter techniques for bypassing firewalls, go to http://neworder.box.sk/subject.php?s...%3E+Networking and read their three tutorials on getting around firewalls.

    -Nitro-

  5. #5
    Senior Member
    Join Date
    Aug 2001
    Posts
    112
    yeah. ICMP and UDP packet's are generally the choice. If it's a massive attack, then your software will go to dirt. If it's hardware, your firewall will try to keep up but fail. I have zonealarm, and I've had it crash on me because of it. I lost all the logs.
    Viper

  6. #6
    Senior Member
    Join Date
    Jun 2002
    Posts
    165
    i think there are a number of issues that have been compiled together in the composed question.

    the thread title indicates a circumvention, while the question illustrates a dos/ddos.

    in days of old, ip frags (of any type of transport) was used to bypass ipfilters and _some_ firewalls - but these were not blasts, but rather pre-meditated and crafted attacks of minimal transaction.

    there are a few scenarios that i am aware of that use igmp messsages with fragmentation as dos/ddos attacks. the general purpose being to either to eat up memory in the normal traffic based manner(not real effective) - or to create a mishandling in the tcp/ip stack. ie. illegal fragment offsets.
    -droby10

  7. #7
    Banned
    Join Date
    Apr 2002
    Posts
    82
    Some software and hardware firewalls have an anti-DoS on. Zonealarm and Outpost is supoose to have one not unless there is a hole and you have something helping with the attack. I'd just suggest rather not log everything in a flood and just log off the internet then go back on in a few minutes or hours. Configuring the security correctly would help.

  8. #8
    Senior Member
    Join Date
    Jan 2002
    Posts
    371
    In some hardware Firewalls, you can activate a anti-DoD function. The problem is that it puts a huge overhead on the Firewall and Management Console itself, as an enormous amount of logs get generated once you turn it on.

    The way the anti-DoD function works, is that, in a nutshell, it relays or proxies the 3 way handshake. Basically, when you turn it on, instead of the client peforming the 3 way handshake with the host, the Firewall peforms the entire handshake process on it behalf.

    There are a variety of different methods of this anti-DoD function, some put more of an overhead on the Firewall than others.
    SoggyBottom.

    [glowpurple]There were so many fewer questions when the stars where still just the holes to heaven - JJ[/glowpurple] [gloworange]I sure could use a vacation from this bull$hit, three ringed circus side show of freaks. - Tool. [/gloworange]

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •