SSDT Hooking vulnerable, 100% of tested firewalls vulnerable.


evilghost
09-19-07, 12:07 PM
Article:
http://www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php

Q
09-19-07, 02:29 PM
I use Comodo Personal Firewall, but still... that's a bit unnerving.

What do you recommend for securing a home network, Ghost? How is YOUR network set up at home, if you don't mind me asking.

evilghost
09-19-07, 02:41 PM
It'd be hard to describe my setup and have it make any sense, probably would take a couple of pages.

I'd get an OpenWRT device and add explicit ingress/egress iptables policies, redirect HTTP traffic to SQUID, and use inline SNORT with bleeding-snort sigs.

I wouldn't rely on Win32 firewalls.

Q
09-19-07, 02:52 PM
I wouldn't rely on Win32 firewalls.

That's surprising. I would have thought you would have been using a machine with Vista Home Basic's built-in firewall and then just bridge the connection.

Q
09-19-07, 02:54 PM
It'd be hard to describe my setup and have it make any sense, probably would take a couple of pages.


Oh please, enlighten us! If you have the time, who cares about a couple pages. Your post would actually be INFORMATION instead of FAPPING and gehsex.

evilghost
09-19-07, 02:59 PM
Oh please, enlighten us! If you have the time, who cares about a couple pages. Your post would actually be INFORMATION instead of FAPPING and gehsex.

OpenWRT with iptables, explicit ingress/egress policy. SQUID proxy server on primary server. iprecorder (tcpdump w/redirection to pcap) bound to WAN interface on OpenWRT over SSH to pcap file(s) on server (excellent forensic investigation tool since I can review raw packet data). Perl code tailing pcap with redirection to FIFO. Snort + BASE on server reading FIFO.

OSSEC-HIDS watching server, syslog-ng receives syslog messages from OpenWRT.

That's just the "network layer" crap, when we start talking application layer we'll be a couple of pages.
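The pcap-tailing step in the post above, written out as an added example (Python in place of the Perl the poster mentions; none of this is the poster's code): it follows the file tcpdump appends to and passes only complete records into the FIFO, so the Snort side never reads a half-written packet. File paths, the poll interval and the sample header are assumptions.

```python
import struct, time
GLOBAL_HDR_LEN, RECORD_HDR_LEN = 24, 16            # classic libpcap sizes
MAGIC_ORDER = {b"\xd4\xc3\xb2\xa1": "<",           # 0xa1b2c3d4, little-endian writer
               b"\xa1\xb2\xc3\xd4": ">"}           # same magic, big-endian writer

def split_records(buf, order):
    """Return (complete records, leftover); leftover is a record whose header or
    payload is not fully on disk yet and is held back until the next poll."""
    records, pos = [], 0
    while len(buf) - pos >= RECORD_HDR_LEN:
        incl_len = struct.unpack(order + "I", buf[pos + 8:pos + 12])[0]
        end = pos + RECORD_HDR_LEN + incl_len
        if end > len(buf):
            break                                   # payload still incomplete
        records.append(buf[pos:end])
        pos = end
    return records, buf[pos:]

class PcapTailer:
    """feed() what tcpdump appended since the last poll; get back only whole
    records (global header first, once) so the FIFO reader never sees a cut packet."""
    def __init__(self):
        self.buf, self.order = b"", None
    def feed(self, chunk):
        self.buf += chunk
        out = []
        if self.order is None:
            if len(self.buf) < GLOBAL_HDR_LEN:
                return out                          # header not complete yet
            self.order = MAGIC_ORDER[self.buf[:4]]  # KeyError: not classic libpcap
            out.append(self.buf[:GLOBAL_HDR_LEN])
            self.buf = self.buf[GLOBAL_HDR_LEN:]
        records, self.buf = split_records(self.buf, self.order)
        return out + records

def tail_pcap_to_fifo(pcap_path, fifo_path, poll_interval=0.5):
    """Follow the capture file forever and copy whole records into the FIFO
    (paths are assumptions; open() blocks until Snort opens the FIFO with -r)."""
    tailer = PcapTailer()
    with open(pcap_path, "rb") as src, open(fifo_path, "wb") as fifo:
        while True:
            chunk = src.read(65536)
            if not chunk:
                time.sleep(poll_interval)           # writer idle; poll again
                continue
            fifo.write(b"".join(tailer.feed(chunk)))
            fifo.flush()
# Constructed little-endian global header: v2.4, snaplen 65535, Ethernet link type.
SAMPLE_HDR = b"\xd4\xc3\xb2\xa1" + struct.pack("<HHiIII", 2, 4, 0, 0, 65535, 1)
```

Snort reads the FIFO as if it were an ordinary capture file, which is why the global header must be written exactly once before any record.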

Tuork
09-19-07, 05:40 PM
So many acronyms...

ugh... my head :p

Absolution
10-24-07, 12:05 AM
my rootkit to avoid punkbuster is vulnerable, oh noes! ;):D:D:D:D

ViN86
10-24-07, 01:09 AM
Oh please, enlighten us! If you have the time, who cares about a couple pages. Your post would actually be INFORMATION instead of FAPPING and gehsex.
:wtf:

yea, cause ghost gets paid to help you...

ghost, I'm sure this affects Vista as well, correct? What would be the simplest way to prevent an attack of this type?

Q
10-24-07, 09:01 AM
:wtf:

yea, cause ghost gets paid to help you...


Uh....what the hell, man?

I wasn't saying "give me help, now!" I even started off with "if you don't mind...", then when he said that it would be a couple pages I said "if he had the time". I wasn't making demands and I was just hoping that he would share the general topology of his home network with us since he obviously knows what he's doing. I wasn't badgering the guy!

And that was like a month ago. Geeze! :p

;)

ViN86
10-24-07, 11:33 AM
Uh....what the hell, man?

I wasn't saying "give me help, now!" I even started off with "if you don't mind...", then when he said that it would be a couple pages I said "if he had the time". I wasn't making demands and I was just hoping that he would share the general topology of his home network with us since he obviously knows what he's doing. I wasn't badgering the guy!

And that was like a month ago. Geeze! :p

;)
my bad, I didn't pick up the sarcasm in the post

sorry Q, I thought it was out of your character to be mean to ghost. sorry :o

Q
10-24-07, 01:30 PM
my bad, I didn't pick up the sarcasm in the post

sorry Q, I thought it was out of your character to be mean to ghost. sorry :o

Me and Ghost have a man-baby. There is NO love lost there, I assure you.

XDanger
12-09-07, 04:26 PM
"ZoneAlarm was almost perfect in all other aspects that are not related to the security."

:)