Eicon Networks S92 Manual do Utilizador descarregar pdf (Página 191)

YuChakTinMichael‘sGIACGCFWProjectAssignment

Page 191

Sincewejusttalkedaboutthedefaultports,onethingwecan try istoexplore

vulnerabilitiesrelatedtoFW1’sports.AsearchonCERTreturnsonesuch

vulnerability.Thisvulnerabilityinvolvesport259 andisrelatedtoFW1’sRDP

protocol:

“ByaddingafakedRDPheadertotypicalUDPtraffic,anycontentcan bepassedto

port259onanyhostoneithersideofthedevice.”

61

So,howdowelaunchanattackbasedonthisinformation?Thebestthingtodoisto

lookatthe“Proofofconceptcode”availableat

http://www.insidesecurity.de/fw1_rdp_poc.html.ThesourcecodeisavailableinC

language.Bycompilingourownattackprogramusingthesecodes,suchattackcanbe

launched.Keepinmindthough,thatthisvulnerabilityisfoundonly onFW1version

4.1. Thereisnoevidencethatidenticalvulnerabilityexistsinversion4.0.

ForGIACadministratortoworkonthisissue,itissuggestedthatthefollowing

workaroundssuppliedbyinsideSECURITYbefollowed:

“

Commentline2646ofbase.def(accept_fw1_rdp;) 

DeactivateimpliedrulesintheCheckPointpolicyeditor(andbuildyourownrules

formanagementconnections).

BlockUDPtraffictoport259onyourperimeterrouter.

”

62

Attacking–theTrojanroute:

Thisattackallowsustotakecontrolof FW1.

Wealreadyknowfromour“websitevisit”whatprotocolsareallowedinGIAC’s

securityarchitecture.RememberwetalkedaboutsecondaryDNSserverandzone

transfer?FW14.x’sdefaultpolicysettingdoesallowtrafficthatheadstowardsTCP

port53 topass.Sincemanyadministratorssimplyleavethisoptionasis,whatwecan

dothenistouseNSLOOKUP oranyothermeantoinitiateazonetransferagainstthe

61

http://www.kb.cert.org/vuls/id/310295

62

http://issrv1.insidesecurity.de/fw1_rdp.html

1 2 ... 186 187 188 189 190 191 192 193 194 195 196 ... 208 209

Sem comentários

Eicon Networks S92 Manual do Utilizador Página 191