Family Heritage Books
2007-May-31 20:02 UTC
Does the Unicode security hole affect Shorewall?
Recently I ran across an article in eweek
http://www.eweek.com/article2/0,1895,2130397,00.asp?kc=EWKNLEDP051607B
basically saying that there is a serious security hole affecting virtually every major firewall and intrusion prevention system available. It seems to involve a network evasion technique that uses full-width and half-width unicode characters to allow malware to evade detection by an IPS or firewall.

Does anyone know if this is an issue that affects Shorewall?

--
Thanx for your time,
Bryan
On 5/31/07, Family Heritage Books <Famheritbk@aol.com> wrote:
> Recently I ran across an article in eweek
> http://www.eweek.com/article2/0,1895,2130397,00.asp?kc=EWKNLEDP051607B
> basically saying that there is a serious security hole affecting
> virtually every major firewall and intrusion prevention system available.
> It seems to involve a network evasion technique that uses full-width and
> half-width unicode characters to allow malware to evade detection by an
> IPS or firewall.
>
> Does anyone know if this is an issue that affects Shorewall?

The article sounds to me like it does not even affect firewalls at all: "The vulnerability concerns HTTP content-scanning systems", which is something like snort, not shorewall. The article probably just is a bit too much mainstream / not-technical, and thus puts in "firewall", because that's what people associate with defenses from internet threats.

~David
It certainly doesn't sound like it. Shorewall doesn't (unless I missed something) scan HTTP traffic, it just looks at the packet headers. Thus, no Unicode problems, etc.

Will

On 5/31/07, Family Heritage Books <Famheritbk@aol.com> wrote:
> Recently I ran across an article in eweek
> http://www.eweek.com/article2/0,1895,2130397,00.asp?kc=EWKNLEDP051607B
> basically saying that there is a serious security hole affecting
> virtually every major firewall and intrusion prevention system available.
> It seems to involve a network evasion technique that uses full-width and
> half-width unicode characters to allow malware to evade detection by an
> IPS or firewall.
>
> Does anyone know if this is an issue that affects Shorewall?
> --
> Thanx for your time,
> Bryan
Andrew Suffield
2007-May-31 20:46 UTC
Re: Does the Unicode security hole affect Shorewall?
On Thu, May 31, 2007 at 04:02:47PM -0400, Family Heritage Books wrote:
> Recently I ran across an article in eweek
> http://www.eweek.com/article2/0,1895,2130397,00.asp?kc=EWKNLEDP051607B
> basically saying that there is a serious security hole affecting
> virtually every major firewall and intrusion prevention system available.
> It seems to involve a network evasion technique that uses full-width and
> half-width unicode characters to allow malware to evade detection by an
> IPS or firewall.
>
> Does anyone know if this is an issue that affects Shorewall?

The article's a load of nonsense. This is neither a new problem (Schneier raised it in 2000, that's probably the first widely known instance of it) nor a problem affecting firewalls. Unicode is a security disaster area, but it's got nothing to do with shorewall.

Furthermore, the article makes the fairly useless claim that 92 randomly selected products 'may' have issues ("we don't know, nobody's looked"); I demonstrate the uselessness of this claim thusly:

All known software packages may cause your computer to transform into a large green elephant, since no vendors currently test their products for elephant colouration, so we don't know how many packages will actually do it.

Lastly, they're using an unhelpful definition of "virtually every major firewall and intrusion prevention system available", defining "major" as "the ones we didn't bother to look at but felt like listing".

Lousy bit of journalism. Most of it is fiction.
Andrew Suffield wrote:
> On Thu, May 31, 2007 at 04:02:47PM -0400, Family Heritage Books wrote:
>> Recently I ran across an article in eweek
>> http://www.eweek.com/article2/0,1895,2130397,00.asp?kc=EWKNLEDP051607B
>> basically saying that there is a serious security hole affecting
>> virtually every major firewall and intrusion prevention system available.
>> It seems to involve a network evasion technique that uses full-width and
>> half-width unicode characters to allow malware to evade detection by an
>> IPS or firewall.
>>
>> Does anyone know if this is an issue that affects Shorewall?
>
> The article's a load of nonsense. This is neither a new problem
> (Schneier raised it in 2000, that's probably the first widely known
> instance of it) nor a problem affecting firewalls. Unicode is a
> security disaster area, but it's got nothing to do with shorewall.
> ...
> Lousy bit of journalism. Most of it is fiction.

The CERT article they link to makes a lot more sense, and also makes it clear that it's HTTP content scanning systems that are affected, not packet filters: http://www.kb.cert.org/vuls/id/739224

--
Paul <http://paulgear.webhop.net>
--
Did you know? Microsoft Internet Explorer and Outlook have a poor track record for security <http://www.kb.cert.org/vuls/id/713878>. Why not try one of the more secure alternatives from <http://mozilla.org>?
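Added illustration (not part of any list member's message, and not code from Shorewall or from any scanning product): a toy HTTP content scanner showing why full-width characters defeat literal signature matching, and how folding compatibility forms before matching closes the gap. The signature, the sample request paths and the choice of NFKC normalization are assumptions made for this example; a header-only packet filter never inspects this string at all.

```python
import unicodedata
from urllib.parse import quote, unquote

# Constructed signature for a toy content scanner (hypothetical).
SIGNATURES = ("eicar-test",)

# Full-width spelling of "eicar" (U+FF45 U+FF49 U+FF43 U+FF41 U+FF52).
WIDE = "\uff45\uff49\uff43\uff41\uff52"

# Constructed request paths: plain ASCII, raw full-width, percent-encoded UTF-8.
SAMPLES = {
    "plain": "/download/eicar-test.txt",
    "fullwidth": "/download/" + WIDE + "-test.txt",
    "encoded": "/download/" + quote(WIDE) + "-test.txt",
}

def has_width_variants(text):
    """True if text uses the Halfwidth and Fullwidth Forms block (U+FF00-U+FFEF)."""
    return any("\uff00" <= ch <= "\uffef" for ch in text)

def canonical(raw):
    """Percent-decode, fold compatibility forms (NFKC), then fold case."""
    return unicodedata.normalize("NFKC", unquote(raw)).casefold()

def naive_scan(raw):
    """Literal matching on the request as received (lowercased only)."""
    lowered = raw.lower()
    return [s for s in SIGNATURES if s in lowered]

def normalizing_scan(raw):
    """Match after canonicalization and flag width-variant characters."""
    text = canonical(raw)
    return {
        "hits": [s for s in SIGNATURES if s in text],
        "width_variants": has_width_variants(unquote(raw)),
    }

if __name__ == "__main__":
    for name, path in SAMPLES.items():
        print(name, naive_scan(path), normalizing_scan(path))
```

The `width_variants` flag is useful on its own as a detection signal, since width-variant characters are unusual in request paths for ASCII-named resources.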
Cristian Rodriguez R.
2007-Jun-01 03:04 UTC
Re: Does the Unicode security hole affect Shorewall?
Family Heritage Books wrote:
> Does anyone know if this is an issue that affects Shorewall?

No, this problem does not affect shorewall at all.