www.broadbandreports.com
New Stealth Attack Against Personal Firewalls
Most common personal firewalls affected
(old news - 01:43PM Thursday May 02 2002)
tags: exclusive · security
A new stealth technique for defeating outbound traffic protection in many personal firewall applications has been discovered. Dubbed "Backstealth", the tool essentially exists as a proof of concept and is currently considered low risk, but it has the ability to penetrate personal firewalls from several major-league manufacturers.

According to the tool's author, Paolo Iorio, the exploit has the capability to defeat outbound blocking by Sygate Personal Firewall Pro, McAfee Personal Firewall, Norton Internet Security 2002, Kerio Personal Firewall, and Tiny Personal Firewall, with Zone Alarm unaffected. The proof of concept version simply connects to a remote web site and downloads a meaningless text file without detection, though the concept could be modified for more malicious purposes.

Unlike many firewall-bypassing tools that simply hijack a "trusted" application to gain access to the outside world, Iorio's tool hijacks the firewall application itself to do this. The BACKSTEALTH.EXE application searches the system for a firewall process, allocates a chunk of memory in that process, loads a small bit of "bootstrap" code, and remotely launches a worker thread.

The firewall application is entirely unaware that all of this is going on right under its nose, so when the worker thread starts to talk to the Internet, the firewall treats the traffic as its own trusted traffic and gives it a pass. The included BACKDLL.DLL is simply a sample bit of code that fetches a single text file, but it could do almost anything. The proof of concept code is in the EXE, not the DLL.
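As an added illustration from the defender's side (this is not part of the original article or of Iorio's tool), the following Python flags the injection sequence described above when it shows up in endpoint telemetry: a process other than the firewall opening the firewall process, allocating memory in it, writing to that memory and then starting a remote thread. The event format and the firewall image names are constructed assumptions.

```python
"""Flag a Backstealth-style injection chain against a firewall process, using a
constructed stream of endpoint telemetry events (one dict per cross-process action)."""
from collections import defaultdict

# Assumption: the defender maintains the list of firewall process images to watch.
# These image names are constructed placeholders, not any product's real file names.
FIREWALL_IMAGES = {"fwservice.exe", "pfwmon.exe"}

# The stages the article describes: locate the firewall process, allocate memory in
# it, copy in the bootstrap code, then launch a remote thread to run it.
STAGES = ("open_process", "alloc_memory", "write_memory", "create_remote_thread")


def detect_injection(events):
    """Return [(source_pid, target_pid), ...] for each source process that completed
    every stage against a firewall process other than itself."""
    seen = defaultdict(set)
    hits = []
    for e in events:
        if e["target_image"].lower() not in FIREWALL_IMAGES:
            continue
        if e["source_pid"] == e["target_pid"]:
            continue  # the firewall managing its own memory is normal activity
        key = (e["source_pid"], e["target_pid"])
        seen[key].add(e["action"])
        if key not in hits and all(stage in seen[key] for stage in STAGES):
            hits.append(key)
    return hits


def ev(src_img, src_pid, tgt_img, tgt_pid, action):
    """Build one constructed telemetry event."""
    return {"source_image": src_img, "source_pid": src_pid,
            "target_image": tgt_img, "target_pid": tgt_pid, "action": action}


# Constructed sample telemetry: a benign self-allocation by the firewall, a process
# viewer that only opens a handle to it, and the full four-stage injection chain.
SAMPLE_EVENTS = [
    ev("fwservice.exe", 1508, "fwservice.exe", 1508, "alloc_memory"),
    ev("procview.exe", 2200, "fwservice.exe", 1508, "open_process"),
    ev("backstealth.exe", 4120, "fwservice.exe", 1508, "open_process"),
    ev("backstealth.exe", 4120, "fwservice.exe", 1508, "alloc_memory"),
    ev("backstealth.exe", 4120, "fwservice.exe", 1508, "write_memory"),
    ev("backstealth.exe", 4120, "fwservice.exe", 1508, "create_remote_thread"),
]

if __name__ == "__main__":
    for src, dst in detect_injection(SAMPLE_EVENTS):
        print(f"ALERT: pid {src} completed an injection chain into firewall pid {dst}")
```

Only the process that completes all four stages is reported; the self-allocation and the lone handle open are deliberately left alone to keep the rule quiet on routine activity.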

You can find an outstanding and detailed analysis of the Backstealth technology by security consultant Steve Friedl in our forums, as well as ideas on how to protect yourself if you are a Kerio user. Additional discussion can of course be found in our security forum. It should be noted that, like most malicious (or potentially malicious) code, its success relies on first getting code to run on the affected PC. Common sense and safe computing practices should be your first line of defense.


8th year online! © 1999-2008 dslreports.com.