Opensvp

 

Introduction

Opensvp is a security tool implementing attacks to be able to the resistance of firewall to protocol level attack. It implements classic attacks as well as some new kind of attacks against application layer gateway (called helper in the Netfilter world). The document Secure use of iptables and connection tracking helpers describes the protection method against this type of attack for a Netfilter firewall.

Download and more

The project is hosted on github:

  • Get the git: Code
  • To see issues or report one: Issues

Implemented attacks

Spoofing attack on helpers

Being on a network directly connected to the firewall via the eth0 interface, the attacker can run the following command ::
 opensvp --attacker -t 192.168.2.3 --helper ftp --port 23 -v -i eth0
192.168.2.3 is the address of the FTP server and 23 is the port we want to open on the server. It is then possible to connect to 192.168.2.3 on port 23 after a successful attack.

Abusive usage of helpers

It is possible for a client to send a forged command message which is interpreted as possible dynamic connection opening by the firewalls. It is possible to use a standard server to send the attack but with a custom server you will know the transformation made by the possible NAT gateway. A typical session is the following. On the server which has IP address 1.2.3.4, you can run ::
 $ opensvp --server --helper irc -v
On the client, you can then run ::
 $ opensvp --client -t 1.2.3.4 --helper irc --port 23 -v
 2.3.4.5:23 should be opened from outside
On the server, the following message is displayed ::
 You should be able to connect to 2.3.4.5:23
Here 2.3.4.5 is the public address of the client.

Protection against the attacks

See Secure use of iptables and connection tracking helpers for detailed information.
 Posted by at 11:47

  2 Responses to “Opensvp”

  1. Hi,

    Thanks for the tool!

    Just a tiny mistake: the pointer to opensvn’s source code is wrong, it links to coccigrep’s source code.

    Olivier;

  2. Oups, fixed. Thanks Olivier!

 Leave a Reply

(required)

(required)

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>