Opensvp

Introduction

Opensvp is a security tool implementing attacks to be able to the
resistance of firewall to protocol level attack. It implements
classic attacks as well as some new kind of attacks against application
layer gateway (called helper in the Netfilter world).

The document Secure use of iptables and connection tracking helpers describes
the protection method against this type of attack for a Netfilter firewall.

Download and more

The project is hosted on github:

  • Get the git: Code
  • To see issues or report one: Issues

Implemented attacks

Spoofing attack on helpers

Being on a network directly connected to the firewall via the eth0 interface,
the attacker can run the following command ::

 opensvp --attacker -t 192.168.2.3 --helper ftp --port 23 -v -i eth0

192.168.2.3 is the address of the FTP server and 23 is the port we want to
open on the server.

It is then possible to connect to 192.168.2.3 on port 23 after a successful
attack.

Abusive usage of helpers

It is possible for a client to send a forged command message which is interpreted
as possible dynamic connection opening by the firewalls.

It is possible to use a standard server to send the attack but with a custom server
you will know the transformation made by the possible NAT gateway.

A typical session is the following. On the server which has IP address 1.2.3.4, you
can run ::

 $ opensvp --server --helper irc -v

On the client, you can then run ::

 $ opensvp --client -t 1.2.3.4 --helper irc --port 23 -v
 2.3.4.5:23 should be opened from outside

On the server, the following message is displayed ::

 You should be able to connect to 2.3.4.5:23

Here 2.3.4.5 is the public address of the client.

Protection against the attacks

See Secure use of iptables and connection tracking helpers for detailed information.

2 thoughts on “Opensvp”

  1. Hi,

    Thanks for the tool!

    Just a tiny mistake: the pointer to opensvn’s source code is wrong, it links to coccigrep’s source code.

    Olivier;

Leave a Reply

Your email address will not be published. Required fields are marked *