

gwion
wild colonial boy
Premium,ExMod 2001-08
join:2000-12-28
Pittsburgh, PA
kudos:1

reply to Zhen-Xjell

Re: New Stealth Attack Found Against Personal Firewall

My understanding of firehole was that it was very similar, except that it hooked and inserted itself in IE's space; from the sound of this, it would seem it's hooking and/or inserting itself in the firewall's space, so it becomes a standalone application layer exploit. That is, by commandeering the hook to IE, the Firehole exploit depends on IE being present, and a rule being active on the firewall to permit IE to send outbound packets to port 80. In effect, firehole "becomes" IE. It actually cons the real IE into asking for a connection, in a manner of speaking.

This would seem to impersonate or otherwise take over the firewall app, instead of one of its allowed apps. I can't say it surprises me, though, whatever it is and however it works. It's just the next logical step after firehole...

It's probably the single best way of calling attention to the inherent limitation of packet filtering firewalls... they run on the network layer, and they deal in network traffic... the enemy's figured out that the weak flank is the application layer. We need to take an offensive posture, here... abandon the purely reactive model and embrace a hybrid proactive/reactive model, using active behavior blocking and sandboxing techniques to augment conventional firewalling... or, at the very least, firewalls have to be engineered to protect "themselves." As regulars in Kerio-Tiny might already know, I'm skeptical about all-in-one firewall and system sandbox solutions. However, I don't think, on deep thought, it's inappropriate for us to ask that a firewall be able to sandbox "itself" ... I already commented in the Kerio-Tiny forum, but I'll reiterate here: even if we aren't cracked, exploits like this undermine the integrity of our equipment and data. If a computer and its data aren't under our sole, exclusive control, it isn't "our" computer or data, anymore...
--
Adam was not alone in the Garden of Eden, however, and does not deserve all the credit; much is due to Eve, the first woman, and Satan, the first consultant. -Mark Twain, Notebook, 1867

over 12.5 years online © 1999-2012 dslreports.com.