SW firewall tunneling demo

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Volker Birk has created a english language version of his POC
of tunneling software firewalls. The idea is to demonstrate
how easy it is to bypass firewalls from the inside, so to speak,
and transmit data to a remote site without the user's permission,
and without creating a alert from the firewall. The demo exe file
can be downloaded from:


It's quite unpolished, and you have to have IE started and minimized
first in order to see a message displayed (in IE). Furthermore, in
order to see evidence that indeed packets are sent (to some IP number
that traces to RIPE in Amsterdam) you have to have some packet logging
sw running as well. Actually, I found that Sygate's traffic log
records the incident. So it's not necessarily that the fw is blind to
the incident. It's a matter that average users .... who depend on
their sw firewall to alert them and protect them from Trojans and
spyware calling out ... will be oblivious.


Site Timeline