Firewalling with LordInfidel

By LordInfidel
This is a continuation of my latest thread "DSL and Firewalls".

Every so often, I will be asked a question by a peer or coworker regarding security and firewalling concepts that I would deem "shareable knowledge". That is, I believe others would be interested in knowing the answer.

Today, I was asked by a co-worker what a Stateful Firewall was. He has heard the term but really did not fully grasp the 'full' concept behind it.

I say 'full' because he understood the state of flags such as syn-syn/ack-ack. But that was his limit to his understanding.

So I thought I would share my answer to him here with you.

It is my hope that if you have had a yearning to know this answer or have been generally clueless about firewalling and the concept, that this helps you.

If you have a question, please feel free to ask.


All Comments



by Jellimonsta In reply to You may want to know this

You wicked wicked man you! P


I didn't come up with it

by LordInfidel In reply to wicked!

I don't want to take credit for something I didn't come up with.

But in order to protect your networks you have to think the way a hacker does. Sometimes it means doing things that are not always kosher.

I never look at security thru obscurity as a legitimate security practice. Why, because if I was planning on taking down a netwk, I would look for systems that I can take over and launch a massive attack, months after I broke in and planted a zombie.

People always think that these massive DoS attacks happen overnight, like in the movie Hackers. By the time these things go off, the people behind them have already covered their tracks and are just sittin back watchin. They are not actively sitting there at their system pressing the red button.

I digress--

In short, if you can think up a possible scenario to be hacked, even though it is not possible today, that's not to say tomorrow it won't be.


Yep, gotta pay your dues...

by admin In reply to I didn't come up with it

takes a long time to get all your zombies in place, eh?


I assume you are talking about this?

by admin In reply to You may want to know this

> Today i was searching for web servers on a ISP and got many responses from
> webramp servers. Some of them when you connect and ask you for
> authorization they already tell you whats the username to use (wradmin).
> The default username and password are: wradmin / trancell

Believe me, if I am wrong on this I accept that and willingly say it's a waste of money, however, I did look this up and the 700s DOES say it ALLOWS you to change the default. Even in the Bugtraq quote above you can clearly see that it states: "some of them" give you the Log In name and it's pretty unlikely that if someone didn't change this that the default PW remains the same. Those that do this get what they deserve, and I'm glad they exist to be the greener pastures....
I have seen the same thing repeatedly on other well known products too, where people think that if you spend the bucks and hook it up outta the box you're secure, well, obviously not.

You're exactly right in the exploit method, but as soon as mine actually gets here I'll let you know for sure, however, as much as it pains me to say it, I think your premise may be wrong on this particular product. That this exploit exists on some models when left to default I do not doubt, but even a careful reading of the issue at Bugtraq doesn't appear to say all Webramps have a password "not able to be changed."
Of course, I am wrong a lot and willing and able to change my mind immediately upon receipt of sufficient proof. :^)


default pwd

by LordInfidel In reply to I assume you are talking ...

I was able to change the pwd on the linksys, but when I went to tftp an update, it would not take the changed u/p.

It would only take the default pwd which should have been changed.

I suspect that this is what they were referring to. That even though you can 'change' the default u/p, it really never goes away. (Although of course a hard reset will bring it back to its defaults, that is to be expected)

But I would insist that if I changed the u/p on something and then I went to update that device via a relatively unsecure protocol like tftp, that it better damn well only accept the u/p I set up on the device.

The only thing I can say is test it and see what happens.


I totally agree

by admin In reply to default pwd

If ya can't change the password for all entry points it's a model boat anchor.


Tested it.

by admin In reply to default pwd

It doesn't use tftp. It's a 700s (unlike the Webramp with the bulletin - a different product) which actually I found out is the exact same hardware as the Sonicwall and can be flashed as a Sonicwall. Like many small firewalls it does insist in the GUI that you leave the UN as "Admin", so you are right there. It gives you the ability to control a lot more than most small stuff to lock it down though. You can designate 1 fixed ip only to get into it as well as change ports etc. It also allows no management connection to the WAN, so, unless someone comes over and resets it physically you are in good shape. I know the D-Links are getting more functionality these days, but like the LinkSys they rely on TFTP and can be remotely accessed. I've checked some of these out with LANguard and Ethereal now and it can be frighteningly easy to reset many products. I am going to play with BBlagent more over the holidays too. I have started running an open WiFi portion of my home broadband network, big antenna and all. I am obviously very interested in having my LAN very secure and separate from this.

I am not sure, but I have the feeling that you may be promoting software in part because it is also a learning tool - nah, probably just hate any "hardware" solution :)

Happy Holidays! :)
