> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, July 29, 2003 11:02 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [Full-Disclosure] How to easily bypass a firewall...
>
> At 03:49 PM 7/28/2003 -0500, you wrote:
> >5. Firewall dialog box uses random numbers / letters represented by
> >graphics that the user has to enter in a password field if
> the password
> >is not correct sound alarm, halt system.
>
> know of anything that does this?
>
Would it matter? The scenario that was proposed is that there's a
trojan on the box, and it can attempt certain methods of
programmatically disabling the firewall. If there's a trojan on the
box, what does it matter? *Anything* on the box can be disabled at that
point.
If I break in to a Linux box, for example, all I have to do, once I have
root, is type:
% /etc/rc.d/init.d/ipchains stop
If it's a Windows box, I just kill the service:
C:\ sc stop {firewall servicename}
Or install the pstools to do it.
The point is, once the box is owned, nothing else matters.
Paul Schmehl ([EMAIL PROTECTED])
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
