Welcome to cissp CISSP training Certified Information Systems Security Professional
Search
Nickname Password Security Code Security Code Type Security Code  



Shon Harris Training

Shon's Corner

Library of Documents

Forum Postings

Recommended Podcasts

CISSP's Blogs

MISC Menu

ISO 17799/ISO 27001

Surveys

Where do you find the best price for books?

Amazon.Com
Bookpool.Com
The ISC2 webstore
CISSPS.COM
Cheapbooks.com
Ecampus.com
Other (Please leave a comment with name of site)



Results
Polls

Votes: 905
Comments: 30

OCSIG

Security Books

Top10 Downloads

Top10 Links

Who's Online

There are currently, 60 guest(s) and 24 member(s) that are online.

You are Anonymous user. You can register for free by clicking here

Security News: Firethru - A tool to bypass your security
Posted on Friday, 27 April 2001 @ 08:14:20 EDT
Contributed by cdupuis | Topic: Vulnerabilities

Scott Sanchez has posted a very interesting message on the CISSP forum that you should all read about. It is a tool called firethru that allow user to proxy requests through the firethru.com servers and by doing so bypass your security filetering. Click on Read More below to get the full message from Scott.



-----Original Message-----
From: Scott Sanchez [mailto:scott@gungadin.com]
Sent: 25 avril, 2001 19:20
Subject: firethru.com (second alert)
Importance: High

Ladies & Gents,

I posted about this last week, and I hope that by now you've all evaluated it and blocked it at the router/proxy/firewall level if necessary for your organizations.

If you haven't seen it yet, it's basically a port redirector that a user can install on their workstation and bind a port to a remote host by forwarding packets through the firethru.com web site. So, you say that (for example) whenever I telnet to 127.0.0.1:4500 it should open a connection to some.host.on.the.internet.com:23. Now, most firewall and proxy servers wont stop this (unless you've blocked firethru specifically) because the firethru client will forward the packets through www.firethru.com:80/cgi-bin/proxy rather than any special ports. Pretty sneaky. It does AIM, Telnet, FTP, POP3, SMTP, WWW, HTTPS, etc..etc..

To make it even better, we were able (through spoofing) to pass packets from an arbitrary host on the Internet, back THROUGH the "firethru" http tunnel and into the original host (which, if you haven't blocked it would be on your corporate networks). This is NOT an intended feature of the product. (Granted, for this attack to work you'd need to know the end-point host that the firethru user is connected to, and what ports are involved in that connection. But that's why they invented sniffers, isn't it?

Anyway, not sounding the alarms but IMHO it's definitely worth adding to the block list. There is no purpose that we have found yet for this product other than to bypass security policies & their subsequent filter rules.

It's blocked on my networks.

-Scott

-----------------------------------------
Scott C. Sanchez, CISSP
scott@gungadin.com
PGP Key: http://www.gungadin.com/pgp-scott-c-sanchez.asc
------------------------------------------


Login

Nickname

Password

Security Code:
Security Code
Type Security Code

Don't have an account yet? You can create one. As a registered user you have some advantages like theme manager, comments configuration and post comments with your name.

Related Links

Article Rating

Average Score: 4.62
Votes: 8

Average Score

Please take a second and vote for this article:

Excellent
Very Good
Good
Regular
Bad

Options

"Firethru - A tool to bypass your security" | Login/Create an Account | 4 comments | Search Discussion
The comments are owned by the poster. We aren't responsible for their content.

No Comments Allowed for Anonymous, please register

Re: (Score: 1)
by econom25 on Thursday, 03 July 2008 @ 11:01:28 EDT
(User Info | Send a Message)
venta consoladores [groups.google.nl] modelos de peinados de hombre [groups.google.nl] tattoo de diablos en caricaturas [groups.google.nl] videochat espaniol gratis [groups.google.nl] fotos de chavas colegialas [groups.google.nl] sexo mesenger [groups.google.nl] gordas al maximo y sexis [groups.google.nl] fotos de profesoras eroticas [groups.google.nl] video de masturbacion [groups.google.nl] intercambio web cam [groups.google.nl] jovenes adventistasorg [groups.google.nl] colegiala follando alumnos [groups.google.nl] imagenes de teiboleras exitantes [groups.google.nl] videos de chicas bailando en minifalda [groups.google.nl] escort de maximo lujo [groups.google.nl] alemanas follando [groups.google.nl] foto a video a webcam [groups.google.nl] escolares en calzones chilenas [groups.google.nl] videos gratis de galilea montijo cojiendo gratis [groups.google.nl] xxx vellos pubicos [groups.google.nl] videos penetrando culos [groups.google.nl] novias infieles vids [groups.google.nl] maduros follando a chibolas [groups.google.nl] masajes travestis guadalajara [groups.google.nl] swinger chat web cam [groups.google.nl] muyzorrascom [groups.google.nl] embarazadas tetonas [groups.google.nl] lenceria intima vajinaes com [groups.google.nl]



Re: (Score: 1)
by econom25 on Thursday, 03 July 2008 @ 11:05:39 EDT
(User Info | Send a Message)
lamer pies y culo [groups.google.nl] las ruviascom [groups.google.nl] fotos de dibujos animados follando [groups.google.nl] lenceria intima vajinaes com [groups.google.nl] confesiones calientes [groups.google.nl] fotos chicas galeria cucas rasuradas [groups.google.nl] espiar la cam de un contacto del msn [groups.google.nl] galerias de minifaldas lindas [groups.google.nl] gifs de mujeres cagando [groups.google.nl] fotos de artistas en minifalda de la tv [groups.google.nl] infragantiscon [groups.google.nl] galerias maduras gratis pinturas [groups.google.nl] 0123famosas [groups.google.nl] nguitas [groups.google.nl] relatos pornos juvniles gay [groups.google.nl] las pollas mas ricas de gays [groups.google.nl] videos pornostar ninaera [groups.google.nl] videochat espaniol gratis [groups.google.nl] relatos pornos juvniles gay [groups.google.nl] fotos de dibujos animados follando [groups.google.nl] sexo con animales [groups.google.nl] video porno gratis sin sms samples [groups.google.nl] gotihc porn [groups.google.nl] gifs de mujeres cagando [groups.google.nl] maduras lloronas [groups.google.nl] pijas pegajosas fotos [groups.google.nl] culiando culonas [groups.google.nl] ww juegocom [groups.google.nl]



Re: (Score: 1)
by econom25 on Thursday, 03 July 2008 @ 11:37:04 EDT
(User Info | Send a Message)
abuelo espiando a en el baao [groups.google.nom.es] ardientes jovencitas mpeg [groups.google.nom.es] arrechoscom [groups.google.nom.es] chicas naturistas [groups.google.nom.es] relatos de jovensitas culiadas [groups.google.nom.es] videos gartis tranxesuales [groups.google.nom.es] bideos de chiapas [groups.google.nom.es] sailor calatitas [groups.google.nom.es] chochos sin desvirgar [groups.google.nom.es] imagenes gif picantes [groups.google.nom.es] rubias cagando [groups.google.nom.es] chicas brazileaas [groups.google.nom.es] zorritas bebes [groups.google.nom.es] espiadas bajo falda [groups.google.nom.es] escorts maduras limeaas [groups.google.nom.es] maribel verdu mpg [groups.google.nom.es] mujeres embarazadas sexis [groups.google.nom.es] maduras peleando [groups.google.nom.es] vecinas infragantis [groups.google.nom.es] secretarias free [groups.google.nom.es] fotos de diosas colombianas [groups.google.nom.es] guarrillas en la web cam [groups.google.nom.es] mujeres delgadas folladas [groups.google.nom.es] videos de corridas violentas [groups.google.nom.es] fotolog upskirts [groups.google.nom.es] masajistas sexi madrid [groups.google.nom.es] boliviana follando [groups.google.nom.es] [url=http://groups.google.nom.es/group/2iywctm8/web/-3][/url]



Re: (Score: 1)
by econom25 on Thursday, 03 July 2008 @ 11:41:42 EDT
(User Info | Send a Message)
chicas lindas chupando pijas [groups.google.nom.es] semen jovensitas corridas de leche las tetas de grandes tetas sabrosas fotos [groups.google.nom.es] azafatas minifaldas oral [groups.google.nom.es] artistas con pantimedias [groups.google.nom.es] modelando calzones de [groups.google.nom.es] videos de chicas rubias desvistiendose [groups.google.nom.es] fotos deswinger [groups.google.nom.es] videos gratis de camaras escondidas en vestidores de damas [groups.google.nom.es] chavas msn cam [groups.google.nom.es] mujeres embarazadas sexis [groups.google.nom.es] videos de cexo [groups.google.nom.es] movies gratis chicas infraganti [groups.google.nom.es] peliculas mamadas [groups.google.nom.es] zadomasoquismo lesvianas [groups.google.nom.es] negras tanguitas [groups.google.nom.es] bundas inmensas [groups.google.nom.es] solo fotos de calatas [groups.google.nom.es] colegialas pajeandose [groups.google.nom.es] lolitas teens tgp rusas [groups.google.nom.es] mujer teton xxx [groups.google.nom.es] fotos de maraa sharapova indiscretas [groups.google.nom.es] videos pornode britny speart [groups.google.nom.es] galerias marranas [groups.google.nom.es] bisexsuales cojiendo [groups.google.nom.es] fotos de rabos enormes [groups.google.nom.es] hombres modelos cachas jovenes desnudos [groups.google.nom.es] bebitas sexis [groups.google.nom.es] xoxotas loiras bucetas [groups.google.nom.es]



All logos and trademarks in this site are property of their respective owner.
The comments are property of their posters, all the rest © 2007 by CCCure.Org, and the site maintainers Clement Dupuis and Nathalie Lambert. Reuse is strictly prohibited without written permission of CCCure.Org or it's maintainers.

This web site is not associated directly or indirectly with ISC2, the SANS Institute, ISACA, or other certification authority. The GCFW, CISSP, SSCP, ISSEP, ISSMP, CISA, and CISM are all the property of their respecful owners. The content of this site is provided to you freely due to the generosity of our sponsors.


 

 


Page Generation: 0.46 Seconds