At first, you might not think that these vulnerabilities
are very interesting. After all, wouldn??™t an attacker have to get access to your client
workstation in order to target vulnerabilities in your client software? The firewall should
protect you from those attacks, right? Oh, and your corporation uses a proxy server to
protect against web attacks, so that is double protection! And it??™s not like the attack
could take over the system either, right? It??™s just a web browser??¦
This section addresses those misconceptions.
Client-Side Vulnerabilities Bypass Firewall Protections
With more and more computers protected from attack by a host-based or perimeter
firewall, attackers have changed tactics. The fire-and-forget attacks of 2003 are now
blocked by on-by-default firewalls. This change makes client-side vulnerabilities more
interesting to the attacker.
If you recall, firewalls typically block new, inbound connection attempts but allow
users behind the firewall to create outbound connections, which allow both parties of
that established connection to communicate freely in both directions over that channel.
359
Gray Hat Hacking: The Ethical Hacker??™s Handbook
360
If an attacker wants to attack your firewall-protected computer, he will normally be
blocked by your firewall.
Pages:
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646