Firewall Cracking and Security By

advertisement
Firewall Cracking and Security
By: Lukasz Majowicz
Dr. Stefan Robila
12/15/08
What is a firewall?
Firewalls are programs that were designed to protect computers from
unwanted attacks and intrusions. Wikipedia defines a firewall as “an
integrated collection of security measures designed to prevent unauthorized
electronic access to a networked computer system. It is also a device or set
of devices configured to permit, deny, encrypt, decrypt, or proxy all
computer traffic between different security domains based upon a set of
rules and other criteria”. By this definition alone it can be deducted that a
firewall is essentially a set of rules that controls the flow of information from
a single computer and the outside world. This firewall can be obtained in two
different forms. One way is to get it as a software package by either
purchasing it or downloading it from the internet. Another way of getting a
firewall is simply by purchasing a device with a firewall built into it. Most
routers now have a firewall built into it to filter out unwanted or suspicious
traffic. (http://www.howstuffworks.com/firewall.htm (All sites from
howstuffworks.com/firewall*))
Here is a sample picture of a firewall interface:
The basic use of a firewall is to prevent any traffic that may be malicious or
harmful from reaching the computer and making a connection with it. In
other words if some source is trying to connect with the computer but the
firewall sees the source as a suspicious signal or unknown signal it will either
block it from connecting to the computer or it will inform the user that a
source with such an id is trying to connect with it and gives the user the
option of whether the user wants to allow it to connect or not. In so doing
the firewall protects our computer from hackers by blocking their attempt to
connect to our computer and cause harm. This is done using a newer system
of stateful inspection. This method scans key parts of an outgoing packet
and compares it to a trusted database of information. It compares incoming
packets to the same database and this determines whether it is trustworthy
or not. (http://www.howstuffworks.com/firewall.htm (All sites from
howstuffworks.com/firewall*))
(http://www.howstuffworks.com/firewall.htm)
Since hackers are aware of the existence of firewalls, the main goal for them
is to find systems and computers that are not protected by a firewall. In
modern times however, just about every operating system has a default
firewall built into it so that would make any new system impervious to a
hacker attack. This would seem like the perfect way to eliminate all the
worries of computer users and ensure perfect security but the truth is that
even the system that is supposed to protect us from hackers is susceptible
to an attack from them and can be altered in a way so that it can be
bypassed and a user’s system and computer can still be overtaken by a
hacker.
Cracking a Firewall Through Programming
A firewall is nothing more than a set of rules that is run by software to filter
traffic and determine which traffic is acceptable and which is not. As with
any software programming, some programming language commands can
alter a program. To do such a thing requires a very long and exhaustive
process in order to do such alterations. In order to disable a firewall or alter
it that way would be too complicated and too time intensive to be of much
use in achieving the desired effect.
(http://www.bankersonline.com/technology/crackhack1218.html)
In order to do what is mentioned above, one would need to know the
programming language that the program was created with. In addition to
that, they would also need to know programming pretty well to know the
different variable names and functions that could alter the program after it is
already compiled and operational. Not only does one have to know that but
also has to find a way to run this program while the firewall is doing its job,
which also means to sneak this code past the firewall so it can be run.
(http://www.nasscom.in/Nasscom/templates/NormalPage.aspx?id=6060)
To do something of that magnitude would be to know the programming of
the firewall inside out. The hacker would have to know each function run by
the firewall and how it runs them. Using this information, a hacker can write
his or her own code that can use that knowledge to work in its own way. For
instance, let’s say that the firewall has a function called scan that runs the
scanning of the different ports or addresses and the result of that scan is a
Boolean called result. Based on whether the result is true or false, the
connection may be accepted or rejected. If a hacker knows the programming
of the firewall he or she can send a small file with code that for instance can
say that if the firewall is performing the scanning function it should accept
the communication or if the result of the scan is fail and the connection
should be rejected, the sent instructions override the standard rules and still
accept the connection.
This is a way to gain control of the firewall and change its rules. This would
be ideal if one wanted to gain control of a computer and use it to one’s own
advantage or leisure. Of course using this would slow down the targeted
computer so the user would still be somewhat alerted to the alteration and
could be aware that the computer is being controlled. Of course, once the
user is aware and takes measures to prevent this, such as reinstalling the
firewall or formatting the drive, or even something as simple as
disconnecting from the internet will sever the control.
Using this method is however, very time consuming and does not offer any
advantages. Another method is simpler and less time consuming than
exploring the entire program and finding out all of its niches and kinks.
Cracking a Firewall Using Ports
Another way of cracking a firewall is to learn about the firewalls themselves.
One can always download all the free firewall software that people may use
and get a hold of software that might already be on a computer. This is
simpler than studying code and trying to alter it. Once one gets familiar with
firewalls and knows how they operate, the next step would be to familiarize
oneself with the different security holes and back doors of the firewalls.
(http://www.textfiles.com/piracy/CRACKING/howtoa.txt)
Every piece of software ever created will have some bugs and security holes.
There is no such thing as a perfect program. Knowing this, it certainly means
that no firewall will be perfect and run exactly the way it was supposed to
and will have its own security issues such as gaps in security or bugs. Even
updates that fix these bugs or close up security holes do not eliminate all of
them. They do manage to fix some but never all of them, so some areas of
firewalls are still vulnerable and open to attack. The main idea of this way of
cracking is to explore these loopholes and exploring them.
A way for a firewall to have vulnerabilities and back doors is through
different services that connect through the firewall such as remotely
accessing a computer or web services such as http or ftp need to connect
using ports on the firewall. These ports are used to directly connect through
the firewall and link with their needed address. If these services are used
often, then it would be a good idea to keep them open. However, if they are
not used at all, then they are just open ports that can be used to bypass the
firewall and get into the system.
This is not to say that as long as there is traffic going through that port, the
firewall will not let any other traffic through. Traffic is traffic and what type
of traffic passes through is monitored but through some ports it is not
monitored as well as through other ports. Saying this, it means that any
open port on a firewall is open to access from the outside. The only thing
that can determine if traffic passes through a particular port is the address
from where the traffic is coming from.
Whenever a port is open and traffic flows through, not only is the traffic
monitored for suspicious content but also where it is coming from. If the
content is coming from a trusted source, the information is then checked for
any malicious code. If it is coming from an unknown source, a notification
appears and a user is notified of this attempt and has the choice of accepting
the connection or rejecting it. Once rejected, any attempts at connection
from that address are automatically rejected and discarded.
If a hacker wants to learn to crack firewalls, he or she needs to tests these
vulnerabilities on a home network first to make sure that they can efficiently
crack the firewall because if they try this on the internet right away, they
could be easily detected and caught.
(http://www.textfiles.com/piracy/CRACKING/howtoa.txt)
The Steps To Cracking
To crack through a firewall, the hacker needs to do some other things first.
The first among them is to find a way to connect to the machine that he or
she wants to crack. In order to accomplish this, a hacker will need to scan all
available communication ports in order to find a way to communicate with
the desired machine. Most of the computers usually use a router so to get to
a target machine or network, they have to first get through a router.
To do this, a hacker needs to scan all communication ports in order to find a
port that is open to communication and a signal can be sent through. Once
communication is established, the hacker can then attempt to try to find a
hole through the firewall. This may sound easier than it is done. This is
because, as mentioned above, the traffic is also monitoring addresses from
which signals are sent.
To bypass this feature, a hacker will have to mask his IP signature or use
some domain to carry out the hack because it could be traced back to him.
Of course another problem with this is if the signal(IP address) is
unrecognized it could still be blocked so a person hacking the firewall would
have to clone the IP address of a trusted source that can go through the
firewall ports and use it as its own IP address to try to make the connection.
(http://sorry.google.com/sorry/?continue=http://books.google.com/books%
3Fid%3D1yj97C_K_zAC%26pg%3DPA190%26lpg%3DPA190%26dq%3Dbyp
assing%2Ba%2Bfirewall%2Bhackers%26source%3Dweb%26ots%3DozkH6C
M2SW%26sig%3DxzQbjUGvuoCFqCITk5Iyf_uvIQ%26hl%3Den%26sa%3DX%26oi%3Dbook_result%26resnum%
3D9%26ct%3Dresult)
In this way, the hacker is now disguised as a trusted source and the
communication attempt can be accepted if the disguise holds. In this way,
the hacker can now have a direct contact with the firewall and try to work
his or her way around it or through it. Working through it means to just find
a port that allows traffic with your disguised IP address through and work
through it to access the internal network behind the firewall.
Working around the firewall would mean finding a hole that the firewall does
not cover and leaves a path right around it without it detecting any activity.
This is the least likely of the two as the firewalls of this day and age usually
cover most of the loopholes that could be found and control just about all
traffic running to and from the computer.
If this is a one-time hacking then all the hacker needs to do is just go with
the flow of traffic and do what they desire once the firewall is vulnerable and
the hacker’s signal is disguised as a genuine signal. If the hacker decides to
hack this computer more than once or use the computer as a remote
location to attack other places, he or she can place a Trojan or just modify
the firewall so that it leaves a back door for the hacker to revisit the system
and use it at will without going through getting past the firewall again.
(http://www.nasscom.in/Nasscom/templates/NormalPage.aspx?id=6060)
Cracking a Firewall Is Not Easy But Possible
This just shows that a firewall is just a piece of software that monitors and
controls traffic going from and to a computer or local network, a piece of
software that just like any other software has bugs and loopholes in it that
could cause it to fail or be vulnerable to attack. Even though this piece of
software was specifically designed to protect a system or network from such
attacks, it is itself still vulnerable.
This is not to say that cracking a firewall and getting past its defenses is
easy and has little consequences if the crack fails. It is just the opposite.
Trying to crack through a firewall requires a lot of experience and time and
resources to do. One would also have to keep up with all the updates of a
given firewall that they are trying to crack and finding out about which
loopholes are still available to use.
In addition to that, if a hacker does not disguise his or her signal efficiently
enough, they could be exposed and tracked down. Also if a hacker tries to
communicate through a port that is not available, they will be denied access
and could be exposed so there is a lot of risk involved.
A system is quite secure with a firewall, but one has to know how to set it up
and how to maintain it. To keep a system at its utmost secure, one needs to
know which services one will be using and close down all the other services
that are unnecessary and close down all the ports associated with those
services. A user will also need to monitor the traffic going in and out of the
system or network to ensure that the traffic is legitimate and should be
going on in the first place.
As another measure of security, one can also find testing programs online
that test a firewall to see how vulnerable it is to such attacks. One such site
that a person can use is (http://www.security-hacks.com/2007/04/24/howto-test-your-firewall). On this site there are several programs and tests that
test out the security of a firewall. There are also provided the ways in which
a firewall will be tested and the significance of the test performed.
In Conclusion
In conclusion, a firewall can be cracked and bypassed just like any other
piece of software. It is vulnerable because of bugs and loopholes in the
software but because it is a software that monitors traffic and prevents
hacking it is more secure than a traditional piece of software, such as an
operating system or an application. It is difficult and risky in trying to crack
a firewall, which makes it a good first line of defense but ultimately, the
effectiveness of the firewall is dependent on the user and how the user
operates the firewall.
Works Cited
(1)”How Firewalls Work”. Howstuffworks. December 15, 2008
<http://www.howstuffworks.com/firewall.htm>
(2)”What Firewall Software Does”. Howstuffworks. December 15, 2008
<http://computer.howstuffworks.com/firewall1.htm>
(3)”Firewall Configuration”. Howstuffworks. December 15, 2008
<http://computer.howstuffworks.com/firewall3.htm>
(4)”Why Firewall Security?”. Howstuffworks. December 15, 2008
<http://computer.howstuffworks.com/firewall2.htm>
(5)”Firewall”. Wikipedia. December 15, 2008
<http://en.wikipedia.org/wiki/Firewall>
(6)”How To Crack, by +ORC, A Tutorial. December 15, 2008
<http://www.textfiles.com/piracy/CRACKING/howtoa.txt>
(7)”Firewall”. Ask A Scientist. December 15, 2008
<http://www.newton.dep.anl.gov/askasci/comp99/CS058.htm>
(8)” An Insight into Weak Corporate Security - Firewall Bypass Reverse
Connecting Trojans”. NASSCOM. December 15, 2008
<http://www.nasscom.in/Nasscom/templates/NormalPage.aspx?id=6060>
(9)” CEH: Official Certified Ethical Hacker Review Guide”. Google Books.
December 15, 2008
<http://sorry.google.com/sorry/?continue=http://books.google.com/books
%3Fid%3D1yj97C_K_zAC%26pg%3DPA190%26lpg%3DPA190%26dq%3Db
ypassing%2Ba%2Bfirewall%2Bhackers%26source%3Dweb%26ots%3DozkH
6CM2SW%26sig%3DxzQbjUGvuoCFqCITk5Iyf_uvIQ%26hl%3Den%26sa%3DX%26oi%3Dbook_result%26resnum%
3D9%26ct%3Dresult>
(10)”How To Test Your Firewall”. Security Hacks. December 15, 2008
<http://www.security-hacks.com/2007/04/24/how-to-test-your-firewall>
(11)”Cracking and Hacking: Are you doing enough for your network
security?”. Bankersonline.com. December 15, 2008
<http://www.bankersonline.com/technology/crackhack1218.html>
Download