Firewall technology is supposed to boost internet security, but a new study has found that it can instead help attackers break into social networking sites like Facebook and Twitter.
A study by Z. Morley Mao, an associate professor of Computer Science at the University of Michigan, and doctoral student Zhiyun Qian found that firewall middleboxes enable an "off-path TCP (Transmission Control Protocol) sequence number inference" attack.
The study revealed that there are security holes in "the randomization of TCP initial sequence numbers (ISN) which can guard against off-path spoofing attacks attempting to inject packets with a forged source address."
"ISN randomization prevents sequence numbers from being predicted, thus arbitrarily injected packets are likely to have invalid sequence numbers which are simply discarded at the receiver. Firewall vendors soon realized that they can in fact perform sequence number checking at network-based firewalls and actively drop invalid packets even before they can reach end-hosts, a functionality advertised in products from major firewall vendors. This feature is believed to enhance security due to the early discard of injected packets and the resulting reduced wasted network and host resources. Ironically, we discover that the very same feature in fact allows an attacker to determine the valid sequence number by probing and checking which sequence numbers are valid using side-channels as feedback. We name this attack 'TCP sequence number inference attack'," says the study.
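As an added defender-side illustration (not code from the study or from this article), the Python script below scans constructed firewall drop-log lines for the pattern the quoted observation implies: a burst of packets on one connection rejected for out-of-window sequence numbers, with the rejected numbers scattered across the 32-bit sequence space. The log format, field names and thresholds are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed sample firewall log (the format is an assumption for this
# example, not any vendor's real format). Each line is one packet the
# middlebox discarded for carrying a sequence number outside the window it
# tracks. Lines 1-6 model a burst on one connection; the last two model
# isolated drops that ordinary retransmission timing can produce.
SAMPLE_LOG = """\
t=100.0 action=DROP reason=tcp-seq-out-of-window src=203.0.113.7 dst=192.0.2.10 sport=51000 dport=443 seq=1000000
t=100.1 action=DROP reason=tcp-seq-out-of-window src=203.0.113.7 dst=192.0.2.10 sport=51000 dport=443 seq=2147483648
t=100.2 action=DROP reason=tcp-seq-out-of-window src=203.0.113.7 dst=192.0.2.10 sport=51000 dport=443 seq=3221225472
t=100.3 action=DROP reason=tcp-seq-out-of-window src=203.0.113.7 dst=192.0.2.10 sport=51000 dport=443 seq=1610612736
t=100.4 action=DROP reason=tcp-seq-out-of-window src=203.0.113.7 dst=192.0.2.10 sport=51000 dport=443 seq=2684354560
t=100.5 action=DROP reason=tcp-seq-out-of-window src=203.0.113.7 dst=192.0.2.10 sport=51000 dport=443 seq=1879048192
t=300.0 action=DROP reason=tcp-seq-out-of-window src=198.51.100.5 dst=192.0.2.10 sport=40000 dport=443 seq=55000
t=305.0 action=DROP reason=tcp-seq-out-of-window src=198.51.100.5 dst=192.0.2.10 sport=40000 dport=443 seq=55200
"""

LINE_RE = re.compile(
    r"t=(?P<t>[\d.]+) action=DROP reason=tcp-seq-out-of-window src=(?P<src>\S+) "
    r"dst=(?P<dst>\S+) sport=(?P<sport>\d+) dport=(?P<dport>\d+) seq=(?P<seq>\d+)$")

def parse_drops(text):
    """Return [(time, (src, dst, sport, dport), seq)] for each matching drop line."""
    return [(float(m["t"]), (m["src"], m["dst"], int(m["sport"]), int(m["dport"])), int(m["seq"]))
            for m in map(LINE_RE.match, text.splitlines()) if m]

def find_probing(text, window_s=2.0, min_drops=5, min_spread=1 << 24):
    """Flag connections with >= min_drops out-of-window drops inside window_s seconds
    whose rejected sequence numbers span >= min_spread: a retransmitting peer stays
    near one value, a sender searching for the window does not."""
    by_conn = defaultdict(list)
    for t, key, seq in parse_drops(text):
        by_conn[key].append((t, seq))
    flagged = {}
    for key, events in by_conn.items():
        events.sort()
        for i in range(len(events)):
            burst = [e for e in events[i:] if e[0] - events[i][0] <= window_s]
            seqs = [s for _, s in burst]
            spread = max(seqs) - min(seqs)
            if len(burst) >= min_drops and spread >= min_spread:
                flagged[key] = {"drops": len(burst), "seq_spread": spread}
                break
    return flagged

if __name__ == "__main__":
    for conn, info in find_probing(SAMPLE_LOG).items():
        print(conn, info)
```

Thresholds are deliberately conservative; on a real middlebox they would be tuned against the baseline rate of legitimate out-of-window drops seen on the network.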
The researchers found firewall middleboxes to be common in cellular networks: at least 31.5% of the 149 measured networks deploy them. Their study showed that such firewalls can help attackers instead of protecting against attacks.