Old 09-19-07, 11:07 AM   #1
evilghost
Registered User
 
Join Date: Jul 2005
Posts: 3,606
Default SSDT Hooking vulnerable, 100% of tested firewalls vulnerable.

Article:
http://www.matousec.com/projects/win...re-drivers.php
Old 09-19-07, 01:29 PM   #2
Q
 
Join Date: Sep 2004
Posts: 7,808
Default Re: SSDT Hooking vulnerable, 100% of tested firewalls vulnerable.

I use Comodo Personal Firewall, but still... that's a bit unnerving.

What do you recommend for securing a home network, Ghost? How is YOUR network set up at home, if you don't mind me asking.
Old 09-19-07, 01:41 PM   #3
evilghost
Registered User
 
Join Date: Jul 2005
Posts: 3,606
Default Re: SSDT Hooking vulnerable, 100% of tested firewalls vulnerable.

It'd be hard to describe my setup and have it make any sense, probably would take a couple of pages.

I'd get an OpenWRT device and add explicit ingress/egress iptables policies, redirect HTTP traffic to SQUID, and use inline SNORT with bleeding-snort sigs.

I wouldn't rely on Win32 firewalls.
Old 09-19-07, 01:52 PM   #4
Q
 
Join Date: Sep 2004
Posts: 7,808
Default Re: SSDT Hooking vulnerable, 100% of tested firewalls vulnerable.

Quote:
Originally Posted by evilghost
I wouldn't rely on Win32 firewalls.
That's surprising. I would have thought you would have been using a machine with Vista Home Basic's built-in firewall and then just bridge the connection.
Old 09-19-07, 01:54 PM   #5
Q
 
Join Date: Sep 2004
Posts: 7,808
Default Re: SSDT Hooking vulnerable, 100% of tested firewalls vulnerable.

Quote:
Originally Posted by evilghost
It'd be hard to describe my setup and have it make any sense, probably would take a couple of pages.
Oh please, enlighten us! If you have the time, who cares about a couple pages. Your post would actually be INFORMATION instead of FAPPING and gehsex.
Old 09-19-07, 01:59 PM   #6
evilghost
Registered User
 
Join Date: Jul 2005
Posts: 3,606
Default Re: SSDT Hooking vulnerable, 100% of tested firewalls vulnerable.

Quote:
Originally Posted by Q
Oh please, enlighten us! If you have the time, who cares about a couple pages. Your post would actually be INFORMATION instead of FAPPING and gehsex.
OpenWRT with iptables, explicit ingress/egress policy. SQUID proxy server on primary server. iprecorder (tcpdump w/redirection to pcap) bound to WAN interface on OpenWRT over SSH to pcap file(s) on server (excellent forensic investigation tool since I can review raw packet data). Perl code tailing pcap with redirection to FIFO. Snort + BASE on server reading FIFO.

OSSEC-HIDS watching server, syslog-ng receives syslog messages from OpenWRT.

That's just the "network layer" crap, when we start talking application layer we'll be a couple of pages.
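The router-side policy outlined in posts #3 and #6 (explicit ingress/egress rules on the OpenWRT box, HTTP redirected to Squid on a separate server), written out as an added example; it is not from the thread or any poster's actual configuration. Interface names, addresses and the outbound port allow-list are assumptions.

```shell
#!/bin/sh
# Added example: emits an iptables-restore ruleset; nothing is applied here.
# Interface names, addresses and ports are assumptions, not values from the thread.
LAN_IF="br-lan"; WAN_IF="eth0.1"       # hypothetical OpenWRT interface names
LAN_NET="192.168.1.0/24"               # constructed LAN range
SQUID="192.168.1.10"; SQUID_PORT=3128  # constructed proxy host (the "primary server")
EGRESS_TCP="443 993 587"               # constructed allow-list of outbound TCP ports

gen_ruleset() {
  cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Client HTTP goes to Squid; the proxy's own fetches are exempt (no loop).
-A PREROUTING -i $LAN_IF ! -s $SQUID -p tcp --dport 80 -j DNAT --to-destination $SQUID:$SQUID_PORT
# Proxy sits on the client LAN: masquerade so its replies return via the router.
-A POSTROUTING -o $LAN_IF -s $LAN_NET -d $SQUID -p tcp --dport $SQUID_PORT -j MASQUERADE
-A POSTROUTING -o $WAN_IF -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $LAN_IF -p tcp --dport 22 -j ACCEPT
-A INPUT -i $LAN_IF -p udp --dport 53 -j ACCEPT
-A INPUT -i $LAN_IF -p udp --dport 67 -j ACCEPT
-A INPUT -i $WAN_IF -m limit --limit 6/min -j LOG --log-prefix "INGRESS-DROP "
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_IF -o $LAN_IF -d $SQUID -p tcp --dport $SQUID_PORT -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -s $SQUID -p tcp --dport 80 -j ACCEPT
EOF
  for p in $EGRESS_TCP; do   # everything not listed falls to the DROP policy
    echo "-A FORWARD -i $LAN_IF -o $WAN_IF -p tcp --dport $p -j ACCEPT"
  done
  cat <<EOF
-A FORWARD -i $LAN_IF -m limit --limit 6/min -j LOG --log-prefix "EGRESS-DROP "
COMMIT
EOF
}

# Print for review; on the router, pipe into "iptables-restore --test" to parse without committing.
gen_ruleset
```

The LOG lines give the syslog-ng collector mentioned in post #6 a record of every denied outbound attempt, which is the visibility a bypassed host firewall cannot provide. Current Squid releases expect the interception NAT step to run on the proxy host itself, so with a separate proxy box a present-day deployment would policy-route port 80 to the proxy instead of using router-side DNAT.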
Old 09-19-07, 04:40 PM   #7
Tuork
Official pain in the ass
 
Join Date: May 2003
Location: 127.0.0.1
Posts: 1,197
Default Re: SSDT Hooking vulnerable, 100% of tested firewalls vulnerable.

So many acronyms...

ugh... my head
__________________
My avatar: "An obscure and non sensical pattern made to get people to post what they think it is" - Vamp

Dimitri:
Dell XPS M1530
Core2Duo T5550 1.86Ghz | 3GB DDR2 | 8600M GT 256MB | 250GB Hdd | BenQ FP202W 20" LCD | MX1000 mouse | Inspire T5400 5.1
Old 10-23-07, 11:05 PM   #8
Absolution
AbsoUI
 
Join Date: Dec 2004
Posts: 933
Default Re: SSDT Hooking vulnerable, 100% of tested firewalls vulnerable.

my rootkit to avoid punkbuster is vulnerable, oh noes!
Old 10-24-07, 12:09 AM   #9
ViN86
 
Join Date: Mar 2004
Posts: 15,486
Default Re: SSDT Hooking vulnerable, 100% of tested firewalls vulnerable.

Quote:
Originally Posted by Q
Oh please, enlighten us! If you have the time, who cares about a couple pages. Your post would actually be INFORMATION instead of FAPPING and gehsex.


yea, cause ghost gets paid to help you...

ghost, I'm sure this affects Vista as well, correct? what would be the simplest way to prevent an attack of this type?
Old 10-24-07, 08:01 AM   #10
Q
 
Join Date: Sep 2004
Posts: 7,808
Default Re: SSDT Hooking vulnerable, 100% of tested firewalls vulnerable.

Quote:
Originally Posted by ViN86


yea, cause ghost gets paid to help you...
Uh....what the hell, man?

I wasn't saying "give me help, now!" I even started off with "if you don't mind...", then when he said that it would be a couple pages I said "if he had the time". I wasn't making demands and I was just hoping that he would share the general topology of his home network with us since he obviously knows what he's doing. I wasn't badgering the guy!

And that was like a month ago. Geeze!
Old 10-24-07, 10:33 AM   #11
ViN86
 
Join Date: Mar 2004
Posts: 15,486
Default Re: SSDT Hooking vulnerable, 100% of tested firewalls vulnerable.

Quote:
Originally Posted by Q
Uh....what the hell, man?

I wasn't saying "give me help, now!" I even started off with "if you don't mind...", then when he said that it would be a couple pages I said "if he had the time". I wasn't making demands and I was just hoping that he would share the general topology of his home network with us since he obviously knows what he's doing. I wasn't badgering the guy!

And that was like a month ago. Geeze!

my bad, I didn't pick up the sarcasm in the post

sorry Q, I thought it was out of your character to be mean to ghost. sorry
Old 10-24-07, 12:30 PM   #12
Q
 
Join Date: Sep 2004
Posts: 7,808
Default Re: SSDT Hooking vulnerable, 100% of tested firewalls vulnerable.

Quote:
Originally Posted by ViN86
my bad, I didn't pick up the sarcasm in the post

sorry Q, I thought it was out of your character to be mean to ghost. sorry
Me and Ghost have a man-baby. There is NO love lost there, I assure you.