Information Security News
There is an interesting way of finding out what kind of filters are in place on the gateway of a specific host. It is called firewalk, and it is based on IP TTL expiration. The algorithm goes as follows:
Let's see this with a real example. Consider the following network diagram:
Firewalking happens with the following steps:
2. An ICMP Time Exceeded message is received from the default gateway for the TTL=2 and TTL=1 packets, which means there are two gateways between origin and destination and TTL=3 is the distance to the destination.
3. Several packets are sent with TTL=3 to the destination varying the destination port. The sequence goes as follows: A first packet is sent with TTL=3. If a timeout occurs, a second packet is sent with TTL=1. If an ICMP type 11 code 0 (Time-to-live exceeded) is received, the gateway is forwarding the packet.
Let's see the first packet to port 1 and TTL=3:
A timeout occurs, so the same packet is sent with TTL=2:
ICMP type 11 code 0 is sent from the gateway routing the destination host, which means the packet was forwarded and the port is open:
How can we use this technique? Nmap has a firewalk script that can be used. For this example, the following command should be issued:
nmap --script=firewalk --traceroute 172.16.2.165
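Seen from the gateway's side, the probing described above shows up as one source triggering ICMP type 11 code 0 replies for many different destination ports toward a single host. The following is an added example, not code from the original article or from Nmap: it flags that pattern in a log of ICMP messages a gateway has emitted. The log format, all addresses other than 172.16.2.165, and the port threshold are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample. Assumed format, one line per ICMP message a gateway sent:
# time gateway icmp_type icmp_code orig_src orig_dst orig_proto orig_dport
# (the orig_* fields come from the expired packet's header quoted in the ICMP body)
SAMPLE_LOG = """\
10:00:01 172.16.1.1 11 0 192.168.0.10 172.16.2.165 tcp 1
10:00:02 172.16.1.1 11 0 192.168.0.10 172.16.2.165 tcp 21
10:00:03 172.16.1.1 11 0 192.168.0.10 172.16.2.165 tcp 22
10:00:04 172.16.1.1 11 0 192.168.0.10 172.16.2.165 tcp 25
10:00:05 172.16.1.1 11 0 192.168.0.10 172.16.2.165 tcp 80
10:00:06 172.16.1.1 11 0 192.168.0.10 172.16.2.165 tcp 443
10:02:10 172.16.1.1 11 0 192.168.0.20 172.16.2.165 udp 33437
10:02:10 172.16.1.1 11 0 192.168.0.20 172.16.2.165 udp 33438
10:02:11 172.16.1.1 11 0 192.168.0.20 172.16.2.165 udp 33439
10:03:00 172.16.1.1 3 1 192.168.0.30 172.16.2.200 tcp 8080
"""


def parse(log):
    """Yield (gateway, src, dst, dport) for each ICMP type 11 code 0 record."""
    for line in log.splitlines():
        fields = line.split()
        # Skip malformed lines and anything that is not Time Exceeded in transit.
        if len(fields) != 8 or (fields[2], fields[3]) != ("11", "0"):
            continue
        yield fields[1], fields[4], fields[5], int(fields[7])


def firewalk_suspects(log, min_ports=5):
    """Return {(src, dst, gateway): sorted ports} for likely firewalk probing.

    A classic traceroute expires about three probes per hop, so a single
    gateway sees only a few distinct ports from it. The min_ports threshold
    (an assumed value) separates that from a sweep across many ports.
    """
    ports = defaultdict(set)
    for gateway, src, dst, dport in parse(log):
        ports[(src, dst, gateway)].add(dport)
    return {k: sorted(v) for k, v in ports.items() if len(v) >= min_ports}


if __name__ == "__main__":
    for (src, dst, gw), seen in firewalk_suspects(SAMPLE_LOG).items():
        print(f"{src} -> {dst} expired at {gw} on {len(seen)} ports: {seen}")
```

Only ports that the upstream filter forwards reach the expiring hop, so the port list in each alert is also the set of ports the prober has learned are passed.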
A county sheriff from Limestone, Alabama is sticking by his department's endorsement of ComputerCOP, a shady piece of software given to parents to monitor their kids online. Other law enforcement agencies, it appears, have followed that example.
Earlier this week, the Electronic Frontier Foundation published an investigation into software called ComputerCOP which approximately 245 agencies in more than 35 states, plus the US Marshals, have been distributing to parents to use to monitor their children. The software is essentially spyware, and many versions come with a keylogger, which in some cases transmits unencrypted keystrokes to a server.
In addition to ComputerCOP's security issues, the EFF discovered misleading marketing materials that wrongly claimed endorsements from the US Department of the Treasury and the ACLU. “Law enforcement agencies have purchased a poor product, slapped their trusted emblems on it, and passed it on to everyday people. It’s time for those law enforcement agencies to take away ComputerCOP’s badge,” Dave Maass of the EFF wrote in an article that was republished on Ars on Wednesday.