Software Firewalls versus Wormhole Tunnels

Posted by tuxchick on Oct 31, 2005 5:26 AM EDT
Security Focus; By Bob Rudis and Phil Kostenbader

In a VPN configuration, most personal firewalls are configured to drop their shields (because all traffic is heading to and from a trusted source), so the VPN client is, in fact, a liability because there is no need to use a libpcap outbound wormhole-tunnel communications channel. The firewall will happily ignore whatever packets a malicious program might need and they go unfiltered through the "secure" VPN connection... Creating and using a wormhole-tunnel communications channel is not limited to malicious use by malware, spyware, viruses or worms. The following scenario illustrates how one can legitimately (and more robustly) bypass the firewall without the use of libpcap.

[Ed.- and don't forget email, web browsers, and all the ways that SSH can sneak around firewall rules.]
