> 
> AO>> 2. It can receive connection to the ICQ port
> 
> Wrong. Firewall won't let incoming connection in. It would only allow
> receiving UDP packets inside the "virtual circuit" created by the outgoing
> connection.

One line more and you'll see I noted "related" packets.
Since I noted a part of a process, you can't break
it into parts and say "So what can you do with this part?"
The target at the end of the process is to slip a packet
through the gateway and into the computer running ICQ.

> 
> AO>> 3. the NAT gateway/fw allows "related" packets to pass from icq to
> AO>>    192.168.1.78
 
> Yes, so you can talk to gateway's forwarding port and to ICQ via it. So
> what?

What would happen if you could exploit a bug in the client and make it
behave in a certain way?
What would happen if "related" packets were sent with a tweak,
let's say to another port? Would the firewall let it in?
This very much depends on which firewall and configuration,
but many times the answer would be yes.


> 
> AO>> 4. icq packets are classified as "related".
> AO>>
> AO>> Now any man-in-the-middle attack becomes very easy.
> AO>> You spoof your address (using known flaws in DNS)
> AO>> and easily get into the inner network.
> 
> Here you lost me. All you can do is to send packets to the firewall's
> forwarding port, where they will be forwarded to ICQ's port on the intranet
> computer, which will either process them, if they are valid UDP packets coming
> from the right source, or drop them. With skill, you can disrupt some ICQ
> session, but no more. Don't see "easily getting into inner network" here.

And how exactly do you plan to check if they are valid packets coming
from the right source? (Note that I dropped the word UDP because in some
cases it can be TCP, with weak seq numbers.)


> 
> BTW: this has nothing to do with DNS. No sane sysadmin bases firewall
> rules on DNS. Most firewalls won't even allow you to do this.

DNS isn't the only thing that can be spoofed; basically anything can.
And usually when you put a DNS-based rule into the firewall it's
simply translated to an IP on the spot (and stays with those values).


-- 
Alon Oz,
Aduva Research Team,
Mailto: [EMAIL PROTECTED]

--
A proud member in the Evil Linux cyberterrorist hackers (ELCH) 
organization
A who can launch Denial of Service attacks against the embedded devices
in your 6-slice toaster with advanced pingflood Open Source classified
exploit codes hidden inside strongly encrypted Russian mafia pornography
that innocent American children download from online gambling web sites 
located in the Northern Mariana Islands
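The point the two posters are arguing about is what a stateful NAT/firewall actually checks before admitting an inbound UDP packet as "related" to an outgoing ICQ flow. The following toy model is an added illustration (not code from this thread or from any firewall product); it assumes the two filtering behaviours named in RFC 4787, address-and-port-dependent (the reply must come from the exact peer) and endpoint-independent (any source may reach the open mapping), and shows why "it depends on the firewall and configuration".

```python
"""Toy model of a stateful NAT tracking a UDP "virtual circuit".

Constructed example for illustration. Hosts, ports and the ICQ peer
name are made up; the filtering modes follow RFC 4787 terminology.
"""
from dataclasses import dataclass

STRICT = "address-and-port-dependent"   # inbound must match the exact peer
LOOSE = "endpoint-independent"          # any source may hit the open mapping


@dataclass(frozen=True)
class Flow:
    inside_ip: str
    inside_port: int
    peer_ip: str
    peer_port: int


class StatefulNat:
    """Records outbound UDP flows; admits inbound packets only as 'related'."""

    def __init__(self, filtering=STRICT):
        self.filtering = filtering
        self.mappings = {}        # external port -> Flow that opened it
        self._next_port = 40000   # hypothetical external port pool

    def outbound(self, inside_ip, inside_port, peer_ip, peer_port):
        """Inside host sends a packet out; allocate an external port for it."""
        ext_port = self._next_port
        self._next_port += 1
        self.mappings[ext_port] = Flow(inside_ip, inside_port, peer_ip, peer_port)
        return ext_port

    def inbound(self, src_ip, src_port, ext_port):
        """Return (inside_ip, inside_port) if the packet is forwarded, else None."""
        flow = self.mappings.get(ext_port)
        if flow is None:
            return None           # no circuit for that port: dropped
        if self.filtering == STRICT and (src_ip, src_port) != (flow.peer_ip, flow.peer_port):
            return None           # open port, but wrong source: dropped
        return (flow.inside_ip, flow.inside_port)   # "related": forwarded inside
```

Under strict filtering a packet from any other source, or to any port without a mapping, never reaches 192.168.1.78; under endpoint-independent filtering the "right source" check the reply relies on simply does not exist, which is the configuration a defender should audit for.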
