Eicon Networks S92 Uživatelský manuál stáhnout pdf (Strana 190)

YuChakTinMichael‘sGIACGCFWProjectAssignment

Page 190

FirewallAttack

InformationGathering:

VisitthetargetGIACwebsite.Studyitthoroughly.Knowwhatbusinessitisin.

Knowwhatfunctionsthesiteisproviding.Fromthe“sitevisit”,wecantellwhat

applicationprotocolsareallowed(suchasHTTP,HTTPS,FTP,SMTP…etc.),andcan

makeaneducatedguesson therulebaseconfiguration.

Run NSLOOKUP againstGIAC.Atypicalsetupusedbymanyecommercesitesisto

haveasecondaryDNSserverrunningoffsitesomewhere(mostlylikelyintheISP’s

premise).NSLOOKUP tellsuswhatDNSserversareusedby GIAC.IfoneDNS

serverishostedoffsite,zonetransfertraffichastobeallowedbetweentheonsiteDNS

andtheoffsiteDNS. Thisopensupapotentialsecurityhole.

Collectinformationaboutthefirewall.Althoughthearchitecturemapwehaveon

handshowsclearlythatFW1istheprimaryfirewallinuse,thismighthavebeen

changedbythetimeweplantheattack.

AngelaOrebaughinherGCFWpractical

59

suggeststhatwedetectFW1byscanning

itsdefaultTCPportsat256,257,and258usingnmap

(nmap–n –vv –P0–p256,257,258X.Y.Z.1.254),orbyrunningtracerouteagainst

GIAC’ssite(#traceroutewww.giacfortunes.com).IpersonallytriedusingRetina

(whichisbasedonnmaptechnology

60

)toscanaFW1installation,andfoundthatits

OStypecanbedetectedonlyifthestealthruleisdisabled.

ToomuchscanningmaytriggeranyhiddenIDSandblockoursubsequent

intrusionattempts!

Attacking–theport259route:

ThisattackallowsustobypassFW1andreachtheinternalhostsbehindit.

59

http://www.giac.org/practical/Angela_Orebaugh_GCFW.zip

60

http://www.eeye.com/html/Products/Retina/index.html

1 2 ... 185 186 187 188 189 190 191 192 193 194 195 ... 208 209

Žádné komentáře

Eicon Networks S92 Uživatelský manuál Strana 190