Hacker 'Handshake' Hole Found In Common Firewalls

    Date13 Apr 2011
    CategoryFirewalls
    7083
    Posted ByDave Wreski
    Some of the most commonly-used firewalls are subject to a hacker exploit that lets an attacker trick a firewall and get into an internal network as a trusted IP connection. NSS Labs recently tested half a dozen network firewalls to evaluate security weaknesses, and all but one of them was found to be vulnerable to a type of attack called the "TCP Split Handshake Attack" that lets a hacker remotely fool the firewall into thinking an IP connection is a trusted one behind the firewall.

    "If the firewall thinks you're inside, the security policy it applies to you is an internal one, and you can run a scan to see where machines are," says Rick Moy, president of NSS Labs. An attacker can then pretty much run wild in the network because the firewall mistakenly considers the IP address as a trusted one coming from behind the firewall.

    You are not authorised to post comments.

    LinuxSecurity Poll

    Has your email account ever been pwned in a data breach?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).
    /component/communitypolls/?task=poll.vote
    12
    radio
    [{"id":"53","title":"Yes","votes":"7","type":"x","order":"1","pct":87.5,"resources":[]},{"id":"54","title":"No","votes":"1","type":"x","order":"2","pct":12.5,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.