nV News Forums

 
 


evilghost 09-19-07 12:07 PM

SSDT Hooking vulnerable, 100% of tested firewalls vulnerable.
 
Article:
http://www.matousec.com/projects/win...re-drivers.php

Q 09-19-07 02:29 PM

Re: SSDT Hooking vulnerable, 100% of tested firewalls vulnerable.
 
I use Comodo Personal Firewall, but still... that's a bit unnerving.

What do you recommend for securing a home network, Ghost? How is YOUR network set up at home, if you don't mind me asking.

evilghost 09-19-07 02:41 PM

Re: SSDT Hooking vulnerable, 100% of tested firewalls vulnerable.
 
It'd be hard to describe my setup and have it make any sense, probably would take a couple of pages.

I'd get an OpenWRT device and add explicit ingress/egress iptables policies, redirect HTTP traffic to SQUID, and use inline SNORT with bleeding-snort sigs.

I wouldn't rely on Win32 firewalls.

Q 09-19-07 02:52 PM

Re: SSDT Hooking vulnerable, 100% of tested firewalls vulnerable.
 
Quote:

Originally Posted by evilghost
I wouldn't rely on Win32 firewalls.

That's surprising. I would have thought you would have been using a machine with Vista Home Basic's built-in firewall and then just bridge the connection.

Q 09-19-07 02:54 PM

Re: SSDT Hooking vulnerable, 100% of tested firewalls vulnerable.
 
Quote:

Originally Posted by evilghost
It'd be hard to describe my setup and have it make any sense, probably would take a couple of pages.

Oh please, enlighten us! If you have the time, who cares about a couple pages. Your post would actually be INFORMATION instead of FAPPING and gehsex.

evilghost 09-19-07 02:59 PM

Re: SSDT Hooking vulnerable, 100% of tested firewalls vulnerable.
 
Quote:

Originally Posted by Q
Oh please, enlighten us! If you have the time, who cares about a couple pages. Your post would actually be INFORMATION instead of FAPPING and gehsex.

OpenWRT with iptables, explicit ingress/egress policy. SQUID proxy server on primary server. iprecorder (tcpdump w/redirection to pcap) bound to WAN interface on OpenWRT over SSH to pcap file(s) on server (excellent forensic investigation tool since I can review raw packet data). Perl code tailing pcap with redirection to FIFO. Snort + BASE on server reading FIFO.

OSSEC-HIDS watching server, syslog-ng receive syslog messages from OpenWRT.

That's just the "network layer" crap, when we start talking application layer we'll be a couple of pages.
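The "tailing pcap with redirection to FIFO" step from the post above, sketched in Python rather than the poster's Perl. This is an added example, not evilghost's code: `PcapFollower` and `follow` are hypothetical names, and it assumes the classic microsecond pcap format that tcpdump writes. It holds back partial records so the IDS reading the FIFO never sees a packet cut off mid-write.

```python
import struct
import time

# Classic pcap magic as it appears on disk -> struct byte-order prefix.
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}
GLOBAL_LEN, RECORD_LEN = 24, 16


class PcapFollower:
    """Split a growing pcap byte stream into whole, forwardable units."""
    def __init__(self):
        self.buf, self.order, self.snaplen = b"", None, 0

    def feed(self, chunk):
        """Buffer new bytes; return the global header and complete records."""
        self.buf += chunk
        out = []
        if self.order is None:
            if len(self.buf) < GLOBAL_LEN:
                return out
            if self.buf[:4] not in MAGICS:
                raise ValueError("not a classic pcap stream")
            self.order = MAGICS[self.buf[:4]]
            self.snaplen = struct.unpack(self.order + "I", self.buf[16:20])[0]
            out.append(self.buf[:GLOBAL_LEN])
            self.buf = self.buf[GLOBAL_LEN:]
        while len(self.buf) >= RECORD_LEN:
            incl_len = struct.unpack(self.order + "I", self.buf[8:12])[0]
            if incl_len > self.snaplen:
                raise ValueError("record exceeds snaplen: corrupt or desynced")
            end = RECORD_LEN + incl_len
            if len(self.buf) < end:
                break  # the capture is mid-write; hold the partial record back
            out.append(self.buf[:end])
            self.buf = self.buf[end:]
        return out


def follow(pcap_path, fifo_path, poll=0.5):
    """Tail pcap_path forever, writing only whole records to fifo_path."""
    splitter = PcapFollower()
    # Opening a FIFO for writing blocks until the reader (the IDS) opens it.
    with open(pcap_path, "rb") as src, open(fifo_path, "wb") as dst:
        while True:
            chunk = src.read(65536)
            if chunk:
                dst.write(b"".join(splitter.feed(chunk)))
                dst.flush()
            else:
                time.sleep(poll)  # at EOF: wait for the capture file to grow
```

The pcap file on disk stays untouched for later forensic review; only the FIFO copy is consumed by the sensor.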

Tuork 09-19-07 05:40 PM

Re: SSDT Hooking vulnerable, 100% of tested firewalls vulnerable.
 
So many acronyms...

ugh... my head :p

Absolution 10-24-07 12:05 AM

Re: SSDT Hooking vulnerable, 100% of tested firewalls vulnerable.
 
my rootkit to avoid punkbuster is vulnerable, oh noes! ;):D:D:D:D

ViN86 10-24-07 01:09 AM

Re: SSDT Hooking vulnerable, 100% of tested firewalls vulnerable.
 
Quote:

Originally Posted by Q
Oh please, enlighten us! If you have the time, who cares about a couple pages. Your post would actually be INFORMATION instead of FAPPING and gehsex.

:wtf:

yea, cause ghost gets paid to help you...

ghost, i'm sure this affects Vista as well, correct? what would be the simplest way to prevent an attack of this type?

Q 10-24-07 09:01 AM

Re: SSDT Hooking vulnerable, 100% of tested firewalls vulnerable.
 
Quote:

Originally Posted by ViN86
:wtf:

yea, cause ghost gets paid to help you...

Uh....what the hell, man?

I wasn't saying "give me help, now!" I even started off with "if you don't mind...", then when he said that it would be a couple pages I said "if he had the time". I wasn't making demands and I was just hoping that he would share the general topology of his home network with us since he obviously knows what he's doing. I wasn't badgering the guy!

And that was like a month ago. Geeze! :p

;)

ViN86 10-24-07 11:33 AM

Re: SSDT Hooking vulnerable, 100% of tested firewalls vulnerable.
 
Quote:

Originally Posted by Q
Uh....what the hell, man?

I wasn't saying "give me help, now!" I even started off with "if you don't mind...", then when he said that it would be a couple pages I said "if he had the time". I wasn't making demands and I was just hoping that he would share the general topology of his home network with us since he obviously knows what he's doing. I wasn't badgering the guy!

And that was like a month ago. Geeze! :p

;)

my bad, i didn't pick up the sarcasm in the post

sorry Q, i thought it was out of your character to be mean to ghost. sorry :o

Q 10-24-07 01:30 PM

Re: SSDT Hooking vulnerable, 100% of tested firewalls vulnerable.
 
Quote:

Originally Posted by ViN86
my bad, i didn't pick up the sarcasm in the post

sorry Q, i thought it was out of your character to be mean to ghost. sorry :o

Me and Ghost have a man-baby. There is NO love lost there, I assure you.


All times are GMT -5.