Firewall Cracking and Security

By: Lukasz Majowicz
Dr. Stefan Robila
12/15/08

What is a firewall?

Firewalls are programs designed to protect computers from unwanted attacks and intrusions. Wikipedia defines a firewall as “an integrated collection of security measures designed to prevent unauthorized electronic access to a networked computer system. It is also a device or set of devices configured to permit, deny, encrypt, decrypt, or proxy all computer traffic between different security domains based upon a set of rules and other criteria”. From this definition alone it can be deduced that a firewall is essentially a set of rules that controls the flow of information between a single computer and the outside world.

A firewall can be obtained in two different forms. One way is to get it as a software package, either by purchasing it or by downloading it from the internet. Another way is simply to purchase a device with a firewall built into it. Most routers now have a built-in firewall to filter out unwanted or suspicious traffic. (http://www.howstuffworks.com/firewall.htm (All sites from howstuffworks.com/firewall*))

[Figure: sample picture of a firewall interface]

The basic use of a firewall is to prevent any traffic that may be malicious or harmful from reaching the computer and making a connection with it. In other words, if some source is trying to connect with the computer but the firewall sees the source as suspicious or unknown, it will either block it from connecting or inform the user that a source with such an id is trying to connect and give the user the option of whether to allow the connection or not. In so doing, the firewall protects our computer from hackers by blocking their attempts to connect to our computer and cause harm. This is done using a newer system of stateful inspection.
This method scans key parts of an outgoing packet and compares them to a trusted database of information. It compares incoming packets to the same database, and this determines whether they are trustworthy or not. (http://www.howstuffworks.com/firewall.htm (All sites from howstuffworks.com/firewall*))

Since hackers are aware of the existence of firewalls, their main goal is to find systems and computers that are not protected by a firewall. In modern times, however, just about every operating system has a default firewall built into it, so that would make any new system impervious to a hacker attack. This would seem like the perfect way to eliminate all the worries of computer users and ensure perfect security, but the truth is that even the system that is supposed to protect us from hackers is susceptible to an attack from them. It can be altered so that it can be bypassed, and a user’s system and computer can still be overtaken by a hacker.

Cracking a Firewall Through Programming

A firewall is nothing more than a set of rules that is run by software to filter traffic and determine which traffic is acceptable and which is not. As with any software, some programming language commands can alter a program. Making such alterations requires a very long and exhaustive process. Disabling or altering a firewall that way would be too complicated and too time intensive to be of much use in achieving the desired effect. (http://www.bankersonline.com/technology/crackhack1218.html)

In order to do what is mentioned above, one would need to know the programming language that the program was created with. In addition to that, one would also need to know programming well enough to know the different variable names and functions that could alter the program after it is already compiled and operational.
Not only does one have to know that, but one also has to find a way to run this program while the firewall is doing its job, which also means sneaking this code past the firewall so it can be run. (http://www.nasscom.in/Nasscom/templates/NormalPage.aspx?id=6060)

To do something of that magnitude, one would have to know the programming of the firewall inside out. The hacker would have to know each function run by the firewall and how it runs them. Using this information, a hacker can write his or her own code that uses that knowledge to work in its own way. For instance, let’s say that the firewall has a function called scan that runs the scanning of the different ports or addresses, and the result of that scan is a Boolean called result. Based on whether the result is true or false, the connection may be accepted or rejected. If a hacker knows the programming of the firewall, he or she can send a small file with code that, for instance, says that while the firewall is performing the scanning function it should accept the communication, or that if the result of the scan is a failure and the connection should be rejected, the sent instructions override the standard rules and still accept the connection.

This is a way to gain control of the firewall and change its rules. This would be ideal if one wanted to gain control of a computer and use it to one’s own advantage or leisure. Of course, using this would slow down the targeted computer, so the user would still be somewhat alerted to the alteration and could be aware that the computer is being controlled. Once the user is aware, taking measures such as reinstalling the firewall or formatting the drive, or even something as simple as disconnecting from the internet, will sever the control. Using this method is, however, very time consuming and does not offer any advantages. Another method is simpler and less time consuming than exploring the entire program and finding out all of its niches and kinks.
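The following is an added example, not part of the original paper: a minimal stateful-inspection filter of the kind introduced in the opening section, whose accept-or-reject result is the decision discussed above, contrasted with a check that trusts the source address alone. The addresses, ports and names (Packet, StatefulFilter, TRUSTED_SOURCES) are constructed for illustration, and the filter tracks flows only, not TCP state or timeouts.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

# Constructed allowlist for the weak check (documentation-range address).
TRUSTED_SOURCES = {"203.0.113.10"}

def address_only_accepts(pkt: Packet) -> bool:
    """Weak check: accept anything that claims a trusted source address."""
    return pkt.src in TRUSTED_SOURCES

class StatefulFilter:
    """Accept inbound packets only if they answer a flow opened from inside."""

    def __init__(self, inside_hosts):
        self.inside = set(inside_hosts)
        self.flows = set()  # the "database" of key fields from outgoing packets

    def outbound(self, pkt: Packet) -> bool:
        if pkt.src not in self.inside:
            return False    # not one of our hosts: do not record state
        self.flows.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return True

    def inbound(self, pkt: Packet) -> bool:
        # A genuine reply has source and destination swapped relative
        # to the recorded outgoing packet.
        key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return key in self.flows

def demo():
    fw = StatefulFilter(inside_hosts={"192.168.1.20"})
    fw.outbound(Packet("192.168.1.20", 50123, "203.0.113.10", 443))
    reply = Packet("203.0.113.10", 443, "192.168.1.20", 50123)
    # Same claimed source address, but no inside host asked for this traffic.
    unsolicited = Packet("203.0.113.10", 443, "192.168.1.20", 3389)
    return {
        "reply": (address_only_accepts(reply), fw.inbound(reply)),
        "unsolicited": (address_only_accepts(unsolicited),
                        fw.inbound(unsolicited)),
    }

if __name__ == "__main__":
    for name, (weak, stateful) in demo().items():
        print(f"{name:12} address-only={weak} stateful={stateful}")
```

The address-only check accepts both packets, while the stateful filter accepts only the reply that matches a recorded outgoing flow.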
Cracking a Firewall Using Ports

Another way of cracking a firewall is to learn about the firewalls themselves. One can always download all the free firewall software that people may use and get a hold of software that might already be on a computer. This is simpler than studying code and trying to alter it. Once one gets familiar with firewalls and knows how they operate, the next step would be to familiarize oneself with the different security holes and back doors of the firewalls. (http://www.textfiles.com/piracy/CRACKING/howtoa.txt)

Every piece of software ever created will have some bugs and security holes. There is no such thing as a perfect program. This means that no firewall will be perfect and run exactly the way it was supposed to; each will have its own security issues, such as gaps in security or bugs. Even updates that fix these bugs or close up security holes do not eliminate all of them. They do manage to fix some but never all of them, so some areas of firewalls are still vulnerable and open to attack. The main idea of this way of cracking is to explore these loopholes.

One way a firewall comes to have vulnerabilities and back doors is through the different services that connect through it: remote access to a computer, or web services such as http or ftp, need to connect using ports on the firewall. These ports are used to connect directly through the firewall and link with their needed address. If these services are used often, then it would be a good idea to keep them open. However, if they are not used at all, then they are just open ports that can be used to bypass the firewall and get into the system. This is not to say that as long as there is traffic going through that port, the firewall will not let any other traffic through. Traffic is traffic, and what type of traffic passes through is monitored, but through some ports it is not monitored as well as through other ports.
This means that any open port on a firewall is open to access from the outside. The only thing that can determine whether traffic passes through a particular port is the address the traffic is coming from. Whenever a port is open and traffic flows through, the traffic is monitored not only for suspicious content but also for where it is coming from. If the content is coming from a trusted source, the information is then checked for any malicious code. If it is coming from an unknown source, a notification appears and the user has the choice of accepting the connection or rejecting it. Once rejected, any attempts at connection from that address are automatically rejected and discarded. If a hacker wants to learn to crack firewalls, he or she needs to test these vulnerabilities on a home network first to make sure that they can efficiently crack the firewall, because if they try this on the internet right away, they could be easily detected and caught. (http://www.textfiles.com/piracy/CRACKING/howtoa.txt)

The Steps To Cracking

To crack through a firewall, the hacker needs to do some other things first. The first among them is to find a way to connect to the machine that he or she wants to crack. To accomplish this, a hacker will need to scan all available communication ports in order to find a way to communicate with the desired machine. Most computers use a router, so to get to a target machine or network, the hacker first has to get through a router. To do this, a hacker needs to scan all communication ports in order to find a port that is open to communication and through which a signal can be sent. Once communication is established, the hacker can then attempt to find a hole through the firewall. This may sound easier than it is. This is because, as mentioned above, the firewall also monitors the addresses from which signals are sent.
To bypass this feature, a hacker will have to mask his IP signature or use some domain to carry out the hack, because it could be traced back to him. Of course, another problem with this is that if the signal (IP address) is unrecognized it could still be blocked, so a person hacking the firewall would have to clone the IP address of a trusted source that can go through the firewall ports and use it as his own IP address to try to make the connection. (http://sorry.google.com/sorry/?continue=http://books.google.com/books%3Fid%3D1yj97C_K_zAC%26pg%3DPA190%26lpg%3DPA190%26dq%3Dbypassing%2Ba%2Bfirewall%2Bhackers%26source%3Dweb%26ots%3DozkH6CM2SW%26sig%3DxzQbjUGvuoCFqCITk5Iyf_uvIQ%26hl%3Den%26sa%3DX%26oi%3Dbook_result%26resnum%3D9%26ct%3Dresult)

In this way, the hacker is now disguised as a trusted source, and the communication attempt can be accepted if the disguise holds. The hacker can now have direct contact with the firewall and try to work his or her way around it or through it. Working through it means finding a port that allows traffic from the disguised IP address and using it to access the internal network behind the firewall. Working around the firewall would mean finding a hole that the firewall does not cover, which leaves a path right around it without it detecting any activity. This is the less likely of the two, as the firewalls of this day and age usually cover most of the loopholes that could be found and control just about all traffic running to and from the computer. If this is a one-time hack, then all the hacker needs to do is go with the flow of traffic and do what they desire once the firewall is vulnerable and the hacker’s signal is disguised as a genuine signal.
If the hacker decides to hack this computer more than once, or to use the computer as a remote location to attack other places, he or she can place a Trojan or just modify the firewall so that it leaves a back door for the hacker to revisit the system and use it at will without getting past the firewall again. (http://www.nasscom.in/Nasscom/templates/NormalPage.aspx?id=6060)

Cracking a Firewall Is Not Easy But Possible

This just shows that a firewall is just a piece of software that monitors and controls traffic going from and to a computer or local network, a piece of software that, just like any other software, has bugs and loopholes in it that could cause it to fail or be vulnerable to attack. Even though this piece of software was specifically designed to protect a system or network from such attacks, it is itself still vulnerable. This is not to say that cracking a firewall and getting past its defenses is easy and has few consequences if the crack fails. It is just the opposite. Trying to crack through a firewall requires a lot of experience, time and resources. One would also have to keep up with all the updates of a given firewall that one is trying to crack and find out which loopholes are still available to use. In addition to that, if a hacker does not disguise his or her signal efficiently enough, they could be exposed and tracked down. Also, if a hacker tries to communicate through a port that is not available, they will be denied access and could be exposed, so there is a lot of risk involved.

A system is quite secure with a firewall, but one has to know how to set it up and how to maintain it. To keep a system as secure as possible, one needs to know which services one will be using, close down all the other services that are unnecessary, and close down all the ports associated with those services.
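An added example, not part of the original paper, of the check described above: list the TCP ports a host is listening on and flag every externally reachable one that does not belong to a service the host is meant to offer. The sample text is constructed in the format of Linux "ss -tlnH" output, and the NEEDED_PORTS allowlist is an assumption to be replaced with the services actually in use.

```python
# Constructed sample in the format of `ss -tlnH`
# (State, Recv-Q, Send-Q, Local Address:Port, Peer Address:Port).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 32 0.0.0.0:21 0.0.0.0:*
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 128 [::]:3389 [::]:*
"""

NEEDED_PORTS = {22, 80}                 # assumption: services this host offers
LOOPBACK_PREFIXES = ("127.", "[::1]")   # not reachable from the network

def parse_listeners(ss_output):
    """Return (address, port) for every listening socket in the text."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue                    # skip headers and malformed lines
        addr, _, port = fields[3].rpartition(":")
        addr = addr.split("%")[0]       # drop an interface suffix such as %lo
        if port.isdigit():
            listeners.append((addr, int(port)))
    return listeners

def unexpected_listeners(ss_output, needed=NEEDED_PORTS):
    """Externally reachable listeners whose port is not on the allowlist."""
    flagged = {
        (addr, port)
        for addr, port in parse_listeners(ss_output)
        if not addr.startswith(LOOPBACK_PREFIXES) and port not in needed
    }
    return sorted(flagged, key=lambda item: item[1])

if __name__ == "__main__":
    for addr, port in unexpected_listeners(SAMPLE_SS):
        print(f"close or firewall: {addr} port {port}")
```

Each flagged entry is a service to stop or a port to block if it is not actually needed.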
A user will also need to monitor the traffic going in and out of the system or network to ensure that the traffic is legitimate and should be going on in the first place. As another measure of security, one can also find testing programs online that test a firewall to see how vulnerable it is to such attacks. One such site that a person can use is (http://www.security-hacks.com/2007/04/24/howto-test-your-firewall). On this site there are several programs and tests that test out the security of a firewall. The site also describes the ways in which a firewall will be tested and the significance of each test performed.

In Conclusion

In conclusion, a firewall can be cracked and bypassed just like any other piece of software. It is vulnerable because of bugs and loopholes in the software, but because it is software that monitors traffic and prevents hacking, it is more secure than a traditional piece of software, such as an operating system or an application. Trying to crack a firewall is difficult and risky, which makes it a good first line of defense, but ultimately the effectiveness of the firewall is dependent on the user and how the user operates the firewall.

Works Cited

(1) “How Firewalls Work”. Howstuffworks. December 15, 2008 <http://www.howstuffworks.com/firewall.htm>
(2) “What Firewall Software Does”. Howstuffworks. December 15, 2008 <http://computer.howstuffworks.com/firewall1.htm>
(3) “Firewall Configuration”. Howstuffworks. December 15, 2008 <http://computer.howstuffworks.com/firewall3.htm>
(4) “Why Firewall Security?”. Howstuffworks. December 15, 2008 <http://computer.howstuffworks.com/firewall2.htm>
(5) “Firewall”. Wikipedia. December 15, 2008 <http://en.wikipedia.org/wiki/Firewall>
(6) “How To Crack, by +ORC, A Tutorial”. December 15, 2008 <http://www.textfiles.com/piracy/CRACKING/howtoa.txt>
(7) “Firewall”. Ask A Scientist. December 15, 2008 <http://www.newton.dep.anl.gov/askasci/comp99/CS058.htm>
(8) “An Insight into Weak Corporate Security - Firewall Bypass Reverse Connecting Trojans”. NASSCOM. December 15, 2008 <http://www.nasscom.in/Nasscom/templates/NormalPage.aspx?id=6060>
(9) “CEH: Official Certified Ethical Hacker Review Guide”. Google Books. December 15, 2008 <http://sorry.google.com/sorry/?continue=http://books.google.com/books%3Fid%3D1yj97C_K_zAC%26pg%3DPA190%26lpg%3DPA190%26dq%3Dbypassing%2Ba%2Bfirewall%2Bhackers%26source%3Dweb%26ots%3DozkH6CM2SW%26sig%3DxzQbjUGvuoCFqCITk5Iyf_uvIQ%26hl%3Den%26sa%3DX%26oi%3Dbook_result%26resnum%3D9%26ct%3Dresult>
(10) “How To Test Your Firewall”. Security Hacks. December 15, 2008 <http://www.security-hacks.com/2007/04/24/how-to-test-your-firewall>
(11) “Cracking and Hacking: Are you doing enough for your network security?”. Bankersonline.com. December 15, 2008 <http://www.bankersonline.com/technology/crackhack1218.html>