Firewall bypass.

Night_Stalker
Posted on 14-08-11 20:52
Recently changed out firewalls on my desktop pc because the old firewall didn't detect when I would connect to it remotely via my net-book, on the wireless network (not over the internet), using a simple rootkit. Now that the firewall is changed (it is now ZoneAlarm) it refuses to allow me to connect.

Which makes me wonder, are there ways to bypass the firewall and still connect, remotely (I'm damn sure there are many ways..)?
How could someone do this?
How could it be prevented?

I don't really want step by step instructions or hand-outs on how it could be done/prevented, I dislike that.
I'm mainly just looking for some hints on what to search for to find this out, and where to look and where to start.

Thanks. :happy:
RE: Firewall bypass.

rootDaemon
Posted on 15-08-11 02:35
Alright, first let me say I'm not 100% sure on this one, but I had a conversation about it on IRC. If the firewall is stateless you can get packets through it by spoofing them as replies to a computer on the other side.

Anyone else heard of this?


Aut viam inveniam aut faciam


http://www.squidoo.com/lensmasters/rootDaemon
RE: Firewall bypass.

Night_Stalker
Posted on 15-08-11 04:04
rootDaemon wrote:
Alright, first let me say I'm not 100% sure on this one, but I had a conversation about it on IRC. If the firewall is stateless you can get packets through it by spoofing them as replies to a computer on the other side.

Anyone else heard of this?


After reading your post, I remember reading that somewhere on a thread on HBH. Or reading something similar to it.
RE: Firewall bypass.

stealth-
Posted on 15-08-11 19:31
rootDaemon wrote:
Alright, first let me say I'm not 100% sure on this one, but I had a conversation about it on IRC. If the firewall is stateless you can get packets through it by spoofing them as replies to a computer on the other side.

Anyone else heard of this?


This is true. A stateless firewall only looks at each packet's values individually, without actually tracking and checking whether or not there is a valid TCP connection for that packet. If it saw that it was a reply, a stateless firewall would have to assume that there is already an active TCP connection and would pass it through. A stateful firewall would know that there isn't actually a connection, and drop it.

ZoneAlarm is stateful, however.

Without you actually poking holes in the firewall yourself, I don't believe anyone would be able to get around the firewall that ZoneAlarm creates. Personally, if I was an attacker, I would then instead MitM you and redirect all your web traffic to my own machine, and try to exploit your web browser through that method. I'm assuming we are talking LAN here, since your router acts like a firewall in itself.


The irony of man's condition is that the deepest need is to be free of the anxiety of death and annihilation; but it is life itself which awakens it, and so we must shrink from being fully alive.
http://www.stealth-x.com
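
The stateless versus stateful difference described in the post above, as an added example that is not part of the thread: a small Python model that runs the same constructed packets through a per-packet rule and through a connection-tracking filter. The packet fields, rule logic and addresses are assumptions made for illustration; a real stateful firewall also tracks TCP state and sequence numbers, not just the address/port 4-tuple.

```python
from collections import namedtuple

# Constructed packet model: only the fields the two filters inspect.
Packet = namedtuple("Packet", "src sport dst dport flags direction")


def stateless_allow(pkt):
    """Per-packet rule: inbound TCP passes if it looks like a reply (ACK set)."""
    if pkt.direction == "out":
        return True
    return "A" in pkt.flags


class StatefulFilter:
    """Tracks connections opened from the inside; inbound must match one."""

    def __init__(self):
        self.conns = set()

    def allow(self, pkt):
        if pkt.direction == "out":
            if pkt.flags == "S":  # inside host opens a connection
                self.conns.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound: the reversed 4-tuple must belong to a tracked connection.
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return key in self.conns and "A" in pkt.flags


def compare(packets):
    """Return (stateless verdict, stateful verdict) for each packet in order."""
    fw = StatefulFilter()
    return [(stateless_allow(p), fw.allow(p)) for p in packets]


# Constructed sample traffic using documentation address ranges.
SAMPLE = [
    Packet("192.0.2.10", 40000, "198.51.100.5", 80, "S", "out"),  # outbound SYN
    Packet("198.51.100.5", 80, "192.0.2.10", 40000, "SA", "in"),  # genuine reply
    Packet("203.0.113.9", 80, "192.0.2.10", 4444, "A", "in"),     # unsolicited "reply"
    Packet("203.0.113.9", 5555, "192.0.2.10", 445, "S", "in"),    # plain inbound SYN
]

if __name__ == "__main__":
    for p, (sl, sf) in zip(SAMPLE, compare(SAMPLE)):
        print(p.flags, p.direction, "stateless:", sl, "stateful:", sf)
```

The third packet is the case the post describes: the per-packet rule passes it because the ACK flag is set, while the connection-tracking filter drops it because no inside host ever opened that connection.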
RE: Firewall bypass.

Night_Stalker
Posted on 15-08-11 22:53
stealth- wrote:
snip


What I'm trying to do is to find a way to access a rootkit behind the stateful firewall. When I attempt to connect, I noticed that on the desktop PC, ZoneAlarm pops up asking you to trust the connection. You have to click to trust it to allow the connection. I had read the other day something about injecting rootkits/spyware into .dll files, and if that .dll file is used by an application that is trusted by the firewall, most firewalls would allow it full access to the internet.

Could anyone verify this? o.O

Going to look into it myself and see if I can find out about it, and also try some other things I read..