How to bypass the firewall

Guo, Pei

November 06, 2006

Page 2

Why do we need the firewall?
What is the firewall?
How to bypass the firewall?

Seminar "Computer Security" November 06, 2006 2

Page 3

Part I
Why do we need the firewall?

Page 4

Why do we need the firewall?

The Internet was purely research-oriented when it first appeared, and its communication protocols were designed for a more benign and safe environment than today's.

By the end of the last century there were over one million computer networks and well over one billion users, but the Internet has drifted steadily away from its initial form and its environment is much less trustworthy. It contains all the dangerous situations, nasty people and risks that we find in real-life society as a whole.

When a network is connected to the outside, the communication between them is bi-directional. It is therefore very important for users to protect their local systems from malicious attacks from the outside.

Page 5

Part II
What is the firewall?

Page 6

Terminology of the firewall

In common usage, the term "fire wall" originally meant, and still means, a fireproof wall intended to prevent the spread of fire from one room or area of a building to another.

In computer science, the term "firewall" denotes a kind of gateway that restricts and controls the flow of traffic between networks, typically between an internal network and the Internet. It is inserted between your network and the outside network to build up a controlled link and an outer security wall.

Page 7

Characteristics of the firewall

All traffic between the inside and outside networks must pass through, and be checked by, the firewall.
Only authorized traffic, as defined in the local security policy, is allowed to pass the firewall.
The firewall itself is immune to penetration.

Page 8

Capabilities of the firewall

A firewall should keep unauthorized users out of the protected network, prohibit potentially vulnerable services from entering or leaving the network, and provide protection from various kinds of IP spoofing and routing attacks.
A firewall should provide a location for monitoring, auditing and alarming on security-related events.
A firewall should be a convenient platform for some Internet functions that are not security related. These include a network address translator, which maps local addresses to Internet addresses, and a network management function that audits or logs Internet usage.

Page 9

Limitations of the firewall

The firewall can NOT protect against attacks that bypass the firewall.
The firewall can NOT protect against internal threats.
The firewall can NOT protect against the transfer of virus-infected programs or files.

Page 10

Generations of the firewall

Firewall technology emerged in the late 1980s, when the Internet was still a fairly new technology in terms of its global use and connectivity.

Generations:
- Packet filtering: the first paper on it was published in 1988
- Stateful inspection: early 1990s
- Circuit-level gateway: 1980 - 1990
- Application-level gateway: 1990s
- Other generations: any or all of the above can be combined

Page 11

Some knowledge related to the firewall

OSI model:

Page 12

The common types of the firewall
Type 1: Packet-filtering router

Network layer firewall
The original and most basic firewall
Controls the flow of data by the information in the packet header:
- Source Address
- Destination Address
- Protocol used for transferring the data
Direct connection between the internal network and the outside network

(figure: Private network)

Page 13

The common types of the firewall
Type 1: Packet-filtering router

PROS:
- Transparency and high performance
- Easy to implement and maintain
- Application independence

CONS:
- Low security
- No screening above the network layer (no 'state' or application-context information)

Page 14

The common types of the firewall
Type 2: Stateful inspection

Also known as dynamic packet filtering
Adds stateful inspection modules between the data-link layer and the network layer
Extracts some state-related information required for security decisions from the application layers and maintains this information in dynamic state tables for evaluating subsequent connection attempts
Direct connection between the inside and outside network

(figure: Private network)

Page 15

The common types of the firewall
Type 2: Stateful inspection

PROS:
- Higher security than a packet-filtering router
- Extensibility, transparency and high performance

CONS:
- No application-level security is provided
- Does not look at packets as closely as an application-level gateway

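To make the difference between Type 1 and Type 2 concrete, here is an added example (not code from the seminar slides) that runs the same three packets through a stateless header filter and a stateful filter with a dynamic state table. The addresses, ports and the "web only" policy are constructed for the example; the point it shows is the CON listed above for packet filtering: without state, a rule that lets HTTP replies back in also lets in any unsolicited packet that merely claims source port 80.

```python
from dataclasses import dataclass

# Constructed addresses: one protected host and one external web server (TEST-NET ranges).
INSIDE = {"10.0.0.5"}
EXTERNAL_WEB = "203.0.113.10"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str      # "tcp" or "udp"
    sport: int
    dport: int
    syn: bool = False
    ack: bool = False


def stateless_filter(pkt):
    """Type 1 (packet-filtering router): each packet is judged on its own header fields.
    Letting web replies back in means permanently accepting anything from source port 80."""
    if pkt.src in INSIDE and pkt.proto == "tcp" and pkt.dport == 80:
        return "ALLOW"                      # outbound HTTP request
    if pkt.dst in INSIDE and pkt.proto == "tcp" and pkt.sport == 80:
        return "ALLOW"                      # "reply" from any host that claims source port 80
    return "DENY"


class StatefulFilter:
    """Type 2 (stateful inspection): inbound packets are accepted only if they belong to a
    connection the inside initiated, as recorded in the dynamic state table."""

    def __init__(self):
        self.table = set()                  # (src, sport, dst, dport, proto) of open connections

    def decide(self, pkt):
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        if flow in self.table or reverse in self.table:
            return "ALLOW"                  # part of an established connection
        if pkt.src in INSIDE and pkt.proto == "tcp" and pkt.dport == 80 and pkt.syn and not pkt.ack:
            self.table.add(flow)            # new outbound connection: remember it
            return "ALLOW"
        return "DENY"


def compare_filters():
    """Run the same three packets through both filters and return their verdicts."""
    outbound = Packet("10.0.0.5", EXTERNAL_WEB, "tcp", 40001, 80, syn=True)
    reply = Packet(EXTERNAL_WEB, "10.0.0.5", "tcp", 80, 40001, syn=True, ack=True)
    # Unsolicited inbound packet aimed at the SSH port but carrying source port 80.
    unsolicited = Packet("198.51.100.7", "10.0.0.5", "tcp", 80, 22, syn=True)
    packets = (outbound, reply, unsolicited)
    stateful = StatefulFilter()
    return {
        "stateless": [stateless_filter(p) for p in packets],
        "stateful": [stateful.decide(p) for p in packets],
    }


if __name__ == "__main__":
    print(compare_filters())
```

The stateless filter allows all three packets; the stateful one allows the outbound request and its reply but denies the unsolicited packet because no matching entry exists in its state table.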

Page 16

The common types of the firewall
Type 3: Circuit-level gateway

Transport layer firewall
Creates a circuit (connection) between the internal host and the outside server by acting as an agent, without interpreting the application-level information
More like a packet filter with the ability to hide the client

(figure: Private network)

Page 17

The common types of the firewall
Type 3: Circuit-level gateway

PROS:
- Higher security than a packet-filtering router
- Higher performance than an application-level gateway
- Can be implemented for a large number of protocols, as there is no need to comprehend the information at the protocol level

CONS:
- Once a connection is established it is always possible to send malicious data in the packets.

Page 18

The common types of the firewall
Type 4: Application-level gateway

Application layer firewall
Performs all the basic functions of the circuit-level gateway, with better traffic monitoring
Comprehends information at the higher levels of the TCP/IP stack, up to the application layer
Does not allow direct connections between an internal host and an external server under any circumstances

(figure: Private network)

Page 19

The common types of the firewall
Type 4: Application-level gateway

PROS:
- Good security
- Full application-layer awareness

CONS:
- Poor performance
- Limited application support
- Poor scalability (breaks the client/server model)

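The contrast between Type 3 and Type 4 comes down to whether the gateway looks inside the bytes it relays. The following added example (not from the seminar) models both decisions for an HTTP gateway: the circuit-level gateway relays whatever arrives once the circuit is authorized (the CON on page 17), while the application-level gateway parses the request and applies policy. The allowed methods, the allowed host and the sample client data are constructed assumptions of this example.

```python
# Constructed policy for the application-level gateway.
ALLOWED_METHODS = {"GET", "HEAD", "POST"}
ALLOWED_HOSTS = {"www.example.com"}


def circuit_level_decide(circuit_authorized, data):
    """Type 3 (circuit-level gateway): once the circuit is authorized, bytes are relayed
    without interpretation, whatever they contain."""
    return "RELAY" if circuit_authorized else "REFUSE"


def application_level_decide(circuit_authorized, data):
    """Type 4 (application-level gateway) for HTTP: the request is parsed and checked
    against policy before anything is forwarded."""
    if not circuit_authorized:
        return "REFUSE"
    try:
        head = data.partition(b"\r\n\r\n")[0].decode("ascii")
        request_line, *header_lines = head.split("\r\n")
        method, _target, version = request_line.split(" ")
        headers = {}
        for line in header_lines:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    except (UnicodeDecodeError, ValueError):
        return "REFUSE: not an HTTP request"
    if version not in ("HTTP/1.0", "HTTP/1.1"):
        return "REFUSE: not an HTTP request"
    if method not in ALLOWED_METHODS:
        return f"REFUSE: method {method} not allowed"
    host = headers.get("host", "")
    if host not in ALLOWED_HOSTS:
        return f"REFUSE: host {host!r} not allowed"
    return "RELAY"


# Constructed client data seen on an already-authorized circuit.
SAMPLES = {
    "web request": b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "connect request": b"CONNECT 203.0.113.10:22 HTTP/1.1\r\nHost: 203.0.113.10:22\r\n\r\n",
    "non-http bytes": b"SSH-2.0-constructed\r\n",
}


def compare_gateways():
    """Return (circuit-level verdict, application-level verdict) for each sample."""
    return {name: (circuit_level_decide(True, d), application_level_decide(True, d))
            for name, d in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdicts in compare_gateways().items():
        print(f"{name:18} circuit={verdicts[0]:6} application={verdicts[1]}")
```

The circuit-level gateway relays all three samples; the application-level gateway relays only the ordinary web request, which is the "full application-layer awareness" PRO above, paid for with HTTP-specific parsing (the "limited application support" CON).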

Page 20

Part III
How to bypass the firewall?

Page 21

How to bypass the firewall?

“Legal” ways:
- IP address spoofing
- Source routing
- Tiny fragments

“Illegal” ways:
- Rootkit
- Trojan

Page 22

Terminology of IP address spoofing

IP address spoofing can be defined as an intentional misrepresentation of the source IP address in an IP packet in order to conceal the identity of the sender or to impersonate another computing system. In IP address spoofing, the user gains unauthorized access to a computer or a network by making it appear that the message comes from a trusted machine, by “spoofing” the IP address of that machine.

Page 23

Theory of IP address spoofing

The Internet Protocol (IP) is a network protocol operating at the network layer of the OSI model. It is a connectionless model: it keeps no information regarding transaction state, and it is what is used to route packets on a network. The basic unit of data transfer in a packet network is called an IP packet.

IP packet header:

Page 24

Theory of IP address spoofing

The Transmission Control Protocol (TCP) operates at the transport layer of the OSI model. Unlike IP, TCP uses a connection-oriented design: the parties in a TCP session must first build a connection via the 3-way handshake (SYN, SYN/ACK, ACK).

TCP packet header:

Page 25

Theory of IP address spoofing

The TCP/IP protocol suite uses numeric identifiers called IP addresses to uniquely identify computers on a network.

Some systems rely on source IP addresses as a means of authentication: access to a system, or to services provided by a system, is decided based on the claimed source IP address contained in the packet. With suitable tools a user can easily modify these addresses, specifically the “source address” field, in order to bypass the firewall.
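The firewall-side countermeasure to the spoofing described above is an ingress/egress anti-spoofing check: a packet arriving from the Internet must not carry an internal source address, and a packet leaving the internal network must carry one. The example below is added here and is not part of the seminar; the internal prefixes, the interface labels "external"/"internal" and the traffic sample are constructed assumptions.

```python
import ipaddress

# Constructed topology: the prefixes that belong to the protected network.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]
# Source addresses that are never valid on the wire (loopback, "this" network).
BOGON_NETS = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("0.0.0.0/8")]


def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)


def ingress_decision(iface, src):
    """Anti-spoofing check for a packet with source `src` arriving on `iface`.
    `iface` is "external" (Internet side) or "internal" (protected side); both labels are
    assumptions of this example. Returns (verdict, reason)."""
    addr = ipaddress.ip_address(src)
    if any(addr in net for net in BOGON_NETS):
        return ("DROP", "bogon source address")
    if iface == "external" and is_internal(addr):
        return ("DROP", "internal source address arriving from the outside")
    if iface == "internal" and not is_internal(addr):
        return ("DROP", "non-internal source address leaving the network")
    return ("ACCEPT", "source address consistent with interface")


def filter_batch(packets):
    """Apply the check to (iface, src, dst) tuples; return the dropped ones with reasons."""
    dropped = []
    for iface, src, dst in packets:
        verdict, reason = ingress_decision(iface, src)
        if verdict == "DROP":
            dropped.append((src, dst, reason))
    return dropped


# Constructed traffic sample.
SAMPLE = [
    ("external", "203.0.113.10", "10.0.0.5"),      # ordinary Internet host
    ("external", "10.0.0.7", "10.0.0.5"),          # claims to be the trusted inside host C
    ("external", "127.0.0.1", "10.0.0.5"),         # loopback can never be a wire source
    ("internal", "10.0.0.5", "203.0.113.10"),      # normal outbound packet
    ("internal", "198.51.100.9", "203.0.113.10"),  # inside host sending with a forged source
]

if __name__ == "__main__":
    for entry in filter_batch(SAMPLE):
        print(entry)
```

The check only removes the trivial case where the forged address belongs to the protected side; an impersonation of a trusted host that really is outside (the A-impersonates-C scenario on the next page) is not caught by address consistency alone, which is why relying on source IP addresses as authentication is the underlying weakness.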

Page 26

Theory of IP address spoofing

A impersonates C (trusted machine) to spoof B:

(figure: hosts A, B and C)

Page 27

Terminology of source routing

Source routing is a technique by which the sender of a packet can specify the route that the packet should take through the network. Normally, as a packet travels through the network, each router examines the "destination IP address" and chooses the next hop to forward the packet to. In source routing, the "source" (i.e. the sender) makes some or all of these decisions.

Page 28

Theory of source routing

A: Sender, F: Destination

To bypass the firewall, the sender A specifies the route:
A -> B -> C -> D -> E -> F

(figure: hosts A, B, C, D, E and F along the specified route)

Page 29

Terminology of tiny fragment

The tiny-fragment technique uses IP fragmentation to create extremely small fragments and force the TCP header information into a separate packet fragment. It is designed to bypass filtering rules that depend on TCP header information: the user hopes that only the first fragment is examined by the filtering router and that the remaining fragments are passed through.

Page 30

Theory of tiny fragment

Fragment 1 (IP header: MF=1, Fragment Offset=0), carrying the start of the TCP header:
- Source Port, Destination Port
- Sequence Number (SN)

Fragment 2 (IP header: MF=0, Fragment Offset=1), carrying the rest of the TCP header information:
- Acknowledgment Sequence Number (ACK SN)=0
- Data Offset, reserved, flags (- - - - S -, i.e. SYN set), Window
- Checksum, Urgent Pointer=0
- Options, Padding
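Both “legal” ways on pages 27 to 30 are decided by fields in the IPv4 header, so one small parser serves to detect them on the filtering router. The added example below (not code from the seminar) builds constructed IPv4 packets, walks the options list to spot a loose or strict source route option (types 131 and 137), and applies the two fragment rules from RFC 1858: drop a TCP first fragment too short to hold the full TCP header, and drop any fragment with offset 1, since such a fragment can only overwrite the TCP flags of the first one. The addresses, identification value and payloads are constructed; checksums are left at zero because the checks do not depend on them.

```python
import struct

TCP = 6
LSRR, SSRR = 131, 137            # IPv4 option types: loose / strict source route
MIN_TCP_HEADER = 20              # a first fragment shorter than this cannot carry the TCP flags


def build_ipv4(payload, proto=TCP, mf=False, offset=0, options=b"",
               src="10.0.0.5", dst="10.0.0.9"):
    """Constructed IPv4 packet builder for the samples below (header checksum left zero)."""
    opts = options + b"\x00" * (-len(options) % 4)             # pad options to a 32-bit boundary
    ihl = 5 + len(opts) // 4
    flags_frag = ((1 if mf else 0) << 13) | (offset & 0x1FFF)  # MF is bit 13, offset is 13 bits
    header = struct.pack("!BBHHHBBH4s4s",
                         (4 << 4) | ihl, 0, ihl * 4 + len(payload), 0x1234, flags_frag,
                         64, proto, 0,
                         bytes(int(o) for o in src.split(".")),
                         bytes(int(o) for o in dst.split(".")))
    return header + opts + payload


def parse_ipv4(pkt):
    """Return the header fields a filter needs: protocol, MF flag, fragment offset,
    the list of option types present, and the payload (transport header and data)."""
    fields = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    vihl, flags_frag, proto = fields[0], fields[4], fields[6]
    ihl = (vihl & 0x0F) * 4
    opts, option_types, i = pkt[20:ihl], [], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                       # End of Option List
            break
        if kind == 1:                       # No Operation (single byte)
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2:
            break                           # truncated or malformed option
        option_types.append(kind)
        i += opts[i + 1]
    return {"proto": proto, "mf": bool((flags_frag >> 13) & 1),
            "offset": flags_frag & 0x1FFF, "options": option_types, "payload": pkt[ihl:]}


def inspect(pkt):
    """Filtering decision for the two evasions discussed on the slides."""
    h = parse_ipv4(pkt)
    if LSRR in h["options"] or SSRR in h["options"]:
        return "DROP: source-routed packet"
    if h["proto"] == TCP:
        if h["offset"] == 0 and len(h["payload"]) < MIN_TCP_HEADER:
            return "DROP: tiny first fragment (TCP header incomplete)"
        if h["offset"] == 1:
            return "DROP: fragment offset 1"
    return "ACCEPT"


# Constructed samples mirroring the slides: the two tiny fragments and a source-routed packet.
SAMPLES = {
    "plain SYN": build_ipv4(b"\x00" * 20),
    "tiny first fragment": build_ipv4(b"\x00" * 8, mf=True, offset=0),
    "second tiny fragment": build_ipv4(b"\x00" * 12, mf=False, offset=1),
    "loose source route": build_ipv4(b"\x00" * 20,
                                     options=bytes([LSRR, 7, 4]) + b"\x0a\x00\x00\x09"),
}


def run_samples():
    return {name: inspect(pkt) for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name:22} {verdict}")
```

Dropping on offset 1 is what closes the overlap variant: with the first fragment already required to carry a complete header, the second fragment has no legitimate reason to start 8 bytes in.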

Page 31

Concrete example bypassing firewall - SSH

Prerequisites:
- A computer at home that you can leave connected to the Internet while you're at work. The Internet connection at home should be fast, usually cable or DSL. (Technically this can work with a dial-up modem connection, but it may cause problems and it's really slow.)
- Linux, Unix, Microsoft Windows NT, 2000 or XP installed on your computer at home.
- Linux, Unix or any flavor of Windows on your computer at work.

Page 32

Concrete example bypassing firewall - SSH

- Run an SSH server on your computer at home.
- Use an SSH client on your computer at work to create a secure tunnel between your home and work computers.
- Enable Dynamic Forwarding in the SSH client to simulate a SOCKS proxy.
- Configure Internet Explorer to use a SOCKS proxy for network traffic instead of connecting directly.

Page 33

Concrete example bypassing firewall - SSH

Using an SSH tunnel with Dynamic Forwarding:
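From the work network's side, the tunnel on pages 31 to 33 looks like a single outbound TCP connection to port 22 that stays open all day and carries all of the user's web traffic. The added example below (not from the seminar) shows the detection logic a firewall administrator would run over connection logs: outbound SSH sessions to hosts outside an approved list are flagged when they are long-lived or move a lot of data. The log format, the approved-host list, the thresholds and the log lines themselves are constructed assumptions of this example, not the output of any real product.

```python
import re

# Constructed connection-log lines; the format is an assumption for this example.
LOG = """\
2006-11-06T08:55:02 ALLOW TCP 10.0.0.23:51234 -> 203.0.113.10:22 bytes=184320 duration=25200
2006-11-06T09:01:17 ALLOW TCP 10.0.0.23:51240 -> 203.0.113.10:22 bytes=96 duration=40
2006-11-06T09:10:44 ALLOW TCP 10.0.0.41:44000 -> 198.51.100.5:443 bytes=40960 duration=12
2006-11-06T09:12:09 ALLOW TCP 10.0.0.77:50010 -> 192.0.2.9:22 bytes=2048 duration=9000
2006-11-06T09:30:00 DENY TCP 10.0.0.23:51300 -> 203.0.113.10:22 bytes=0 duration=0
"""

LINE = re.compile(r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) (?P<proto>TCP|UDP) "
                  r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+) "
                  r"bytes=(?P<bytes>\d+) duration=(?P<dur>\d+)$")

APPROVED_SSH_HOSTS = {"192.0.2.9"}   # constructed: the organisation's own SSH host
LONG_SESSION = 3600                  # seconds; an interactive shell rarely idles this long
BULK_BYTES = 100_000                 # bytes; far more than a few shell commands need


def parse(log):
    """Yield one dict per well-formed log line, with numeric fields converted."""
    for line in log.splitlines():
        m = LINE.match(line)
        if m:
            rec = m.groupdict()
            for key in ("sport", "dport", "bytes", "dur"):
                rec[key] = int(rec[key])
            yield rec


def find_tunnel_candidates(log):
    """Return (src, dst, reasons) for allowed outbound SSH sessions that look like tunnels."""
    alerts = []
    for rec in parse(log):
        if rec["action"] != "ALLOW" or rec["proto"] != "TCP" or rec["dport"] != 22:
            continue
        if rec["dst"] in APPROVED_SSH_HOSTS:
            continue                        # expected SSH destination, not interesting here
        reasons = []
        if rec["dur"] >= LONG_SESSION:
            reasons.append("long-lived")
        if rec["bytes"] >= BULK_BYTES:
            reasons.append("bulk transfer")
        if reasons:
            alerts.append((rec["src"], rec["dst"], ", ".join(reasons)))
    return alerts


if __name__ == "__main__":
    for src, dst, why in find_tunnel_candidates(LOG):
        print(f"{src} -> {dst}: {why}")
```

Only the first line trips the rule; the short session to the same host, the HTTPS connection, the session to the approved host and the denied attempt are all left alone. The same rule is the basis for the preventive policy: if outbound SSH is only needed to approved hosts, the egress rule can deny port 22 elsewhere and the detection becomes a check for policy violations.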

Page 34

Rootkit

A rootkit (also written “root kit”) is a set of software tools intended to conceal running processes, files or system data, thereby helping an intruder to maintain access to a system whilst avoiding detection. Rootkits are known to exist for a variety of operating systems, such as Linux, Solaris and versions of Microsoft Windows.

Page 35

Trojan

In computer software, a Trojan horse is a malicious program that is disguised as, or embedded within, legitimate software. The term is derived from the classical myth of the Trojan Horse. Such programs may look useful or interesting (or at the very least harmless) to an unsuspecting user, but are actually harmful when executed. Often the term is shortened to simply “Trojan”.

Page 36

Part IV
Conclusion

Page 37

Review

The need for and origin of the firewall
The essentials of the firewall
- The definition, characteristics and capabilities/limitations of the firewall
- The generations and types of the firewall
The principles of how to bypass the firewall
- “Legal” ways
- “Illegal” ways

Page 38

Thanks, all of you!!!