Re: [Full-disclosure] Sony: No firewall and no patches

[Bruno Cesar Moreira de Souza <bcmsouza@xxxxxxxxxxxx>]

--- On May 10, 2011, Dobbins, Roland <rdobbins@xxxxxxxxx> wrote:

> On May 10, 2011, at 8:53 PM, Bruno Cesar Moreira de Souza wrote:
> 
> > The stateless ACLs would not prevent ACK tunneling 
> > (http://ntsecurity.nu/papers/acktunneling/). 
> 
> Again, if an attacker's already in a position to do that,
> the game is already over.

The game is over for this compromised server. However, the attacker possibly 
wants to attack other servers in the network and then compromise sensitive 
database servers. If the compromised server is not behind a stateful firewll, 
it will be easier to create a tunnel to access unauthorised ports (such as 
database network services) and attack other servers. In the worst case, the 
attacker may be able to penetrate the internal network through this tunnel. It 
would be possible to create a covert channel through a stateful firewall? Yes, 
but if the firewall is well configured, you increase the complexity of the 
attack and there is more chance the attack will be detected.

Additionally, using a covert channel, the attacker can create a backdoor to 
keep his access. Even if the exploited vulnerability is fixed in a short time, 
the attacker will still be able to easily control the compromised server. And 
perhaps his access will keep unnoticed for a long time.



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/