phrack - Java tears down the Firewall

Post by none » Thu, 09 Jan 2003 11:27:46



I noticed this interesting article about bypassing firewalls using java
which looks like it will work on iptables firewalls also.

http://www.phrack-dont-give-a-shit-about-dmca.org/show.php?p=60&a=3

 
 
 

phrack - Java tears down the Firewall

Post by Kasper Dupon » Thu, 09 Jan 2003 15:25:53



> I noticed this interesting article about bypassing firewalls using java
> which looks like it will work on iptables firewalls also.

> http://www.phrack-dont-give-a-shit-about-dmca.org/show.php?p=60&a=3

I think the use of TTL to detect if a packet came from the host itself
or the firewall is interesting. What could a firewall do about that?

Changing the TTL of all outgoing packets would not be a good idea. The
host might choose different TTL depending on the type of packet, thus
if you do not see the expected pattern, you will know it has been
modified. And the change of TTL would also break the use of traceroute
from computers behind the firewall.

Assume we could have the firewall somehow find out what TTL would have
been used for the reply generated in the firewall if it had come from
the host itself. But even then we might not be satisfied. Now it is to
some extent possible to map the structure of the network behind the
firewall. Forcing all incoming packets to have the same TTL as they
enter the network might also reveal something, because on the reply
packets we can see how far away it is, but if we send something with a
TTL one too small it might still reach the host because it is being
modified by the firewall.

Is it possible to achieve all our goals?
1) It is not possible from outside the firewall to find the structure
   of the network behind it. I.e. it should appear flat, with all IPs
   in use, and all not explicitly allowed ports appearing to be closed.
2) It is not possible from outside the firewall to detect its existence.
3) We do not break anything, in particular not traceroute from hosts
   behind the firewall. (Traceroute from outside the firewall should
   also give consistent results, though not necessarily true for the
   last part of the route behind the firewall.)

--
Kasper Dupont -- who spends too much time on usenet.

for(_=52;_;(_%5)||(_/=5),(_%5)&&(_-=2))putchar(_);
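
The TTL comparison discussed in the reply above, as an added example that is not part of the original posts: it checks from constructed outside observations whether replies for one address appear to originate at different hop distances, and computes the TTL a firewall would have to stamp on a reply it generates for a host. The initial-TTL table, the function names, the reply-kind labels and the sample values are assumptions made for illustration.

```python
from collections import defaultdict

# Assumption: common operating-system default initial TTLs.
COMMON_INITIAL_TTLS = (32, 64, 128, 255)

def infer_initial_ttl(observed):
    """Smallest common initial TTL >= the TTL observed on arrival."""
    if not 1 <= observed <= 255:
        raise ValueError("TTL must be in 1..255")
    return next(t for t in COMMON_INITIAL_TTLS if t >= observed)

def hop_distance(observed):
    """Estimated TTL decrements between the sender and the observer.
    Unreliable when the real path is long enough to cross a table entry."""
    return infer_initial_ttl(observed) - observed

def audit(observations):
    """observations: (dst_ip, reply_kind, observed_ttl) seen from outside.
    Compares hop distances rather than raw TTLs, because a host may pick a
    different initial TTL per packet type. Returns the destinations whose
    replies appear to start at more than one distance."""
    distances = defaultdict(set)
    for dst, _kind, ttl in observations:
        distances[dst].add(hop_distance(ttl))
    return {dst: sorted(d) for dst, d in distances.items() if len(d) > 1}

def matching_ttl(host_initial_ttl, decrements_to_exit):
    """TTL a firewall would stamp on a reply it generates on behalf of a host
    so it leaves the firewall as the host's own packet would.
    decrements_to_exit: TTL decrements from the host up to and including the
    firewall (0 for a bridging firewall on the host's segment)."""
    ttl = host_initial_ttl - decrements_to_exit
    if ttl < 1:
        raise ValueError("host packet would expire before leaving the firewall")
    return ttl

# Constructed observations from a vantage point 5 hops outside the firewall.
SAMPLE = [
    ("192.0.2.10", "syn-ack", 57),   # host, initial 64, 7 decrements
    ("192.0.2.10", "reject", 59),    # firewall-generated, initial 64, 5
    ("192.0.2.20", "syn-ack", 57),   # host, initial 64, 7
    ("192.0.2.20", "icmp", 248),     # same host, initial 255, still 7
]

if __name__ == "__main__":
    print(audit(SAMPLE))
    print(matching_ttl(64, 2))
```

Only 192.0.2.10 is reported, since its two replies arrive from different apparent distances; 192.0.2.20 uses two different initial TTLs but one distance, which is the per-packet-type variation the reply warns about.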

 
 
 
