Sessionwall-3 (e-Trust IDS) flaws - [07-Jun-2000]

Codex, Mael, Ob1

After procrastinating for over 2 years, we finally completed our Sessionwall-3 paper and accompanying tools.
If you care, go here. If you don't, go here.

Cisco ACL bypassing - [24-May-2000]

Codex

Codex released this document containing proof-of-concept details regarding circumvention of Cisco access-lists which rely on only permitting "established" TCP sessions.
You can find the tools to accompany the paper here.

Cisco Brute Force Guesser - [23-Mar-2000]

Codex

Here's a little telnet pw brute-forcer for Cisco devices that Codex knocked up using Perl and Expect...it does exactly what it says on the tin!

Thoughts on Extended Access Lists - [23-Feb-2000]

Codex

A little collection of thoughts concerning possible ways to exploit this form of packet filtering, brought to you by Codex.
Document is available here.

Centralized firewall problems - [28-Oct-1999]

Codex

Many Internet Service Providers (ISPs) provide so-called "centralized firewall" services to leased line customers. This document is an attempt to highlight problems which may be associated with such a service.