Firewall Exploits

  • enCode
    Member
    • Mar 2004
    • 101

    #1

    Firewall Exploits

    So I've been thinking about firewalls and how secure they are. My question is this: "how easy is it to exploit a firewall vulnerability (if there is one?)" especially such a common one as ZoneAlarm. More importantly, how is it done and are there any precautionary measures I can take to stop people from doing it???
    The only stupid question is the one that you don't ask.
    Or the one that ends up in dev/null.
  • astcell
    Human Rights Issuer
    • Oct 2001
    • 7512

    #2
    Very easy. A Cisco buddy tells me he can hack firewalls to the point where they need to go back to factory default to be of any value.

    Comment

    • enCode
      Member
      • Mar 2004
      • 101

      #3
      REALLY!? how. what does he do?
      The only stupid question is the one that you don't ask.
      Or the one that ends up in dev/null.

      Comment

      • astcell
        Human Rights Issuer
        • Oct 2001
        • 7512

        #4
        He's Cisco, so you know he knows stuff. Maybe he will loan me a PIX to take to Defcon. :>

        Comment

        • JoeSchmuck
          Mawashimono
          • Mar 2004
          • 93

          #5
          Hacking any router is easy.

          If you know the IP of the router, from a PC, do this:
          1. Click on Start>Run
          2. Type "command" without the quotes and click on OK
          3. Type this command: ping -l 65537 127.0.0.1
          4. Hit <Enter>
          5. If your computer crashed, you did it wrong, try again.
          6. If you got an error, type this command: ping -t 127.0.0.1
          7. Keep watching the results very carefully because eventually you will overflow the buffer of the router and it will show the router password.

          BEWARE! FOLLOWING THESE INSTRUCTIONS COULD DAMAGE YOUR PC OR YOUR ROUTER.

          If you have physical access to the router, it is easily hacked by this method:
          1. Take a cat 5 cable with a regular tip on one end, and the other end stripped so the wires are bare.
          2. Plug the tipped end into your ethernet port
          3. Put the ends of the stripped cable into the top eight holes in the AUI port in this order: stripe-orange, orange, stripe-green, blue, stripe-blue, green, stripe-brown, brown
          4. Turn on the router and the computer (this only works with a pc)
          5. Click on Start, Run
          6. Type Calc, click OK (I know, it sounds corny, but it works)
          7. Click on View>Scientific
          8. Select Bin (Binary)
          9. Enter this number: 10011001101111111000000000001
          10. Select Hex (Hexadecimal)
          11. Successfully hacked.
          Ya got no legs, don't come crawlin' to me.

          Comment

          • astcell
            Human Rights Issuer
            • Oct 2001
            • 7512

            #6
            Physical access to a router should make it REAL easy. That's child's play. I had a Supermicro server die. Then I found out how to load the BIOS via the floppy drive, completely avoiding any BIOS password. That was fun and scary. Ironically I had a bad floppy drive!

            Comment

            • kree
              wasup
              • Aug 2003
              • 373

              #7
              Originally posted by JoeSchmuck
              Hacking any router is easy.

              If you know the IP of the router, from a PC, do this:
              1. Click on Start>Run
              2. Type "command" without the quotes and click on OK
              3. Type this command: ping -l 65537 127.0.0.1
              4. Hit <Enter>
              5. If your computer crashed, you did it wrong, try again.
              6. If you got an error, type this command: ping -t 127.0.0.1
              7. Keep watching the results very carefully because eventually you will overflow the buffer of the router and it will show the router password.

              BEWARE! FOLLOWING THESE INSTRUCTIONS COULD DAMAGE YOUR PC OR YOUR ROUTER.

              If you have physical access to the router, it is easily hacked by this method:
              1. Take a cat 5 cable with a regular tip on one end, and the other end stripped so the wires are bare.
              2. Plug the tipped end into your ethernet port
              3. Put the ends of the stripped cable into the top eight holes in the AUI port in this order: stripe-orange, orange, stripe-green, blue, stripe-blue, green, stripe-brown, brown
              4. Turn on the router and the computer (this only works with a pc)
              5. Click on Start, Run
              6. Type Calc, click OK (I know, it sounds corny, but it works)
              7. Click on View>Scientific
              8. Select Bin (Binary)
              9. Enter this number: 10011001101111111000000000001
              10. Select Hex (Hexadecimal)
              11. Successfully hacked.
              Ok, McGyver. Put the crack pipe down!
              If there is a Church of WiFi, then this is it's !

              Comment

              • enCode
                Member
                • Mar 2004
                • 101

                #8
                That's really cool but why does it work?
                It's a buffer overflow, right?
                The only stupid question is the one that you don't ask.
                Or the one that ends up in dev/null.

                Comment

                • Chris
                  Great Satan of the East
                  • Oct 2001
                  • 2866

                  #9
                  Originally posted by enCode
                  That's really cool but why does it work?
                  It's a buffer overflow, right?

                  Please tell me you are joking and forgot to turn on the <sarcasm> tag.
                  perl -e 'print pack(c5, (41*2), sqrt(7056), (unpack(c,H)-2), oct(115), 10)'

                  Comment

                  • spahkle
                    Absurd Fetishist
                    • Jul 2003
                    • 418

                    #10
                    Originally posted by enCode
                    That's really cool but why does it work?
                    It's a buffer overflow, right?
                    yeah.. brain buffer
                    “Bigamy is having one wife too many. Monogamy is the same.”

                    Comment

                    • enCode
                      Member
                      • Mar 2004
                      • 101

                      #11
                      Originally posted by Chris
                      Please tell me you are joking and forgot to turn on the <sarcasm> tag.
                      <sarcasm>(oops)
                      The only stupid question is the one that you don't ask.
                      Or the one that ends up in dev/null.

                      Comment

                      • skroo
                        Volatile Compound
                        • Dec 2001
                        • 2348

                        #12
                        I'm going to try to answer this somewhat seriously.

                        Originally posted by enCode
                        So I've been thinking about firewalls and how secure they are. My question is this: "how easy is it to exploit a firewall vulnerability (if there is one?)" especially such a common one as ZoneAlarm.


                        One important thing here is to define what you mean by 'exploit'. Do you want to obtain, say, administrative logons onto the device? Or crash it, or otherwise perform a successful DoS? Or make it pass traffic it shouldn't, or drop traffic it should allow?

                        ZoneAlarm runs on top of Windows, and is technically more of an Intrusion Prevention System (IPS) than firewall. It's fairly safe to say that any Windows exploits it doesn't know how to protect against will undermine its effectiveness - though the same is going to be true of any similar product that runs on top of a host OS. Again, though, you need to define what you mean by 'exploit' in this context - and there may well be additional internal flaws within ZoneAlarm that could conceivably lead to some form of successful remote exploit.

                        Not to avoid giving you an answer, but they need to be found before they can be exploited. As an off-the-cuff answer, there are conceivably a lot of places this might be possible within the internal architecture of ZoneAlarm. However, there's no way of giving you a solid answer until something is found and demonstrated - it'd all be in the theoretical at this point.

                        More importantly, how is it done and are there any precautionary measures I can take to stop people from doing it???
                        As for the 'how is it done' part, see above. As for precautionary measures, keep Windows, ZoneAlarm, and your antivirus software patched and up-to-date. Also, don't overlook good administrative practices such as limiting user privilege to the lowest level possible, enforcing storage quotas, defining and enforcing group policy, etc.

                        Comment

                        • enCode
                          Member
                          • Mar 2004
                          • 101

                          #13
                          O.K. I guess what I mean by 'exploit' is gaining control from a remote terminal.
                          I'm not too worried about DoS
                          So how would someone render the firewall useless (circumvent)?
                          although that may be too broad

                          P.S. thanx for being cool about answering my question though
                          The only stupid question is the one that you don't ask.
                          Or the one that ends up in dev/null.

                          Comment

                          • bascule
                            omgpwnies!
                            • Jul 2003
                            • 1946

                            #14
                            Originally posted by kree
                            Ok, McGyver. Put the crack pipe down!
                            Anyone who saw Half Baked knows that MacGyver smokes weed, not crack!
                            45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B0
                            45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B1
                            [ redacted ]

                            Comment

                            • kree
                              wasup
                              • Aug 2003
                              • 373

                              #15
                              Originally posted by bascule
                              Anyone who saw Half Baked knows that MacGyver smokes weed, not crack!
                              True, but as they say, weed is a transitional drug, therefore he is a crackhead!
                              If there is a Church of WiFi, then this is it's !

                              Comment
