Chapter 24: Escaping through the Firewall


Overview

This chapter considers various methods of bypassing firewalls to organize a remote terminal shell on the target computer, operating under one of the UNIX clones or under Windows 9x/NT. It covers the most advanced techniques used by hackers for penetrating practically any firewall independent of its architecture, configuration, or protection level. It also covers a set of freeware demo tools intended for testing the protection level of your firewall (perhaps they will disclose that you have no protection).

Having penetrated a vulnerable system, the worm's head must establish a TCP/IP (or UDP) connection to the source host and upload its main body (also called the tail). Hackers who send a diversionary exploit to the target computers follow a similar approach. The subversive exploit causes a stack overflow and installs a remote terminal shell, which communicates with the attacking host using TCP/IP. In this respect, there is no fundamental difference between worms and hackers (sometimes, back doors are installed using worms).

However, the worm can fail if it encounters an unfriendly firewall intended to isolate the protected network from militant idiots striving to spoil the lives of normal users. Nowadays firewalls are extremely popular, and no self-respecting corporate network can do without them. Moreover, firewalls are typically installed not only in networks but also on home computers. Nevertheless, the rumors about the omnipotence of firewalls are strongly exaggerated. For instance, firewalls are depressingly inefficient when struggling against worms. Because firewalls are designed for ensuring protection against attacks originating from outside, nothing can be easier than escaping from the traps they establish. The next few sections explain why this is so.



Shellcoder's Programming Uncovered
Shellcoders Programming Uncovered (Uncovered series)
ISBN: 193176946X
EAN: 2147483647
Year: 2003
Pages: 164
