What happens if an attacker has found a technique for sending packets through the firewall to the DMZ without the packets being checked?

Suppose the attacker doesn't know the internal addresses of hosts in the DMZ. Can the attacker arrange for a packet to be sent to the www server in the DMZ without the firewall checking the packet? (I'm thinking about email spoofing and email forgery).

Kenny Rasschaert
Orsonka
  • What do you mean by "without the packets being checked"? It'd be hard to get translated to the internal address by a NATing firewall without it seeing the packets, but most firewall "bypass" issues are really just misconfigurations. – Shane Madden Jan 13 '12 at 01:21
  • Email spoofing/forgery can be relevant to a device scanning email/spam, but those techniques alone will do nothing to bypass a firewall in order to gain access to the DMZ or LAN (unless your firewall is poorly configured). – Robin Gill Jan 13 '12 at 01:34

1 Answer

If we assume the firewall itself hasn't been compromised to the point where the attacker can reconfigure it or make any modifications, then it is pretty unlikely that the attacker would be able to drastically redirect traffic to different internal destinations unless.

If they have gotten complete control over the firewall, then they would be able to do pretty much anything you could do with it as an admin.

Zoredache