securityfocus.com— "An independent security researcher showed off an early version of a tool for creating covert channels that, he claims, can pass undetected through most firewalls and intrusion detection systems."
Aug 12, 2006View in Crawl 4
Doesn't Windows XP Pro have this capability already?I'm about sick of all this protocol X over protocol Y tunneling as a means of defeating firewalls...pretty much any protocol can be done that way and it just isn't an excuse for 1) having a poorly configured firewall, and 2) defeating your own crappy firewall using stupid tunneling tricks. SOAP is a fine example (look, let's jam everything through port 80 so's Cisco thinks it's web pages, har har!)
Many firewalls don't simply let things through due to port numbers. Stateful inspection is meant to watch conversations and make sure things like TCP handshakes are kosher. There are also other packet inspection techniques to classify certain traffic flows no matter what port they are using. A tunnel is one of those, it's not very common to see people deny it though.
Old news or not, I support any noise that draws attention to IPv6 and its inherent vulnerabilities. No protocol is perfect and the only way to improve it is to throw everything you can at it before it goes mainstream.
urusaiAug 12, 2006
Doesn't Windows XP Pro have this capability already?I'm about sick of all this protocol X over protocol Y tunneling as a means of defeating firewalls...pretty much any protocol can be done that way and it just isn't an excuse for 1) having a poorly configured firewall, and 2) defeating your own crappy firewall using stupid tunneling tricks. SOAP is a fine example (look, let's jam everything through port 80 so's Cisco thinks it's web pages, har har!)
osbjmgAug 12, 2006
Many firewalls don't simply let things through due to port numbers. Stateful inspection is meant to watch conversations and make sure things like TCP handshakes are kosher. There are also other packet inspection techniques to classify certain traffic flows no matter what port they are using. A tunnel is one of those, it's not very common to see people deny it though.
felderadoAug 13, 2006
obvious, and I've already found botnet'd computers being controlled by this.
chess007Aug 13, 2006
So, how does a person protect themselves from this type of attack?
hynellAug 13, 2006
IPv6 sucks
l0g1cAug 13, 2006
Old news or not, I support any noise that draws attention to IPv6 and its inherent vulnerabilities. No protocol is perfect and the only way to improve it is to throw everything you can at it before it goes mainstream.
ashayhAug 13, 2006
My Prof made me go through this article and code in school.<a class="user" href="http://www.firstmonday.org/issues/issue2_5/rowland/">http://www.firstmonday.org/issues/issue2_5/rowland/</a>Does give you a better understanding of IPv4 TCP/IP.