Can you guys be the first to create a defense against this kind of attack (if it can't already)?
In a short summary:
The attacker initiates a connection to a target (e.g. typing \\pc1\share).
The target attempts to authenticate the attacker by sending it a challenge.
The attacker opens another connection (as I said, I haven't seen the code) to the target, and sends the target this challenge as its own (this should be a kind of loopback, where pc1 can't recognize that it has received its own packet).
The target responds to that challenge.
The attacker sends that response back to the target (“reflects” it) on the first connection.
If the authentication protocol is not carefully designed, the target will accept that response as valid, thereby leaving the attacker with one fully-authenticated channel connection (the other one is simply abandoned).
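The sequence described above, worked through as an added toy simulation (not code from the original post or from any real product): a symmetric challenge-response verifier in three modes, the "naive" one accepting its own reflected response and two hardened variants that do not. The key, host names and connection ids are constructed sample values.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional

# Constructed sample secret shared by the two peers (symmetric challenge-response).
SHARED_KEY = b"constructed-demo-shared-secret"


def proof(key: bytes, challenge: bytes, responder: Optional[bytes]) -> bytes:
    """MAC over the challenge; 'bound' mode also mixes in the responder's own name."""
    msg = challenge if responder is None else responder + b"|" + challenge
    return hmac.new(key, msg, hashlib.sha256).digest()


class Peer:
    """A host that both issues challenges (as a target) and answers them (as a client)."""

    def __init__(self, name: bytes, mode: str):
        self.name, self.mode = name, mode        # mode: "naive", "bound" or "track"
        self.pending: Dict[str, bytes] = {}      # connection id -> challenge we issued on it

    def issue_challenge(self, conn_id: str) -> bytes:
        self.pending[conn_id] = os.urandom(16)
        return self.pending[conn_id]

    def answer_challenge(self, challenge: bytes) -> Optional[bytes]:
        # "track": refuse to answer a challenge we ourselves still have outstanding.
        if self.mode == "track" and challenge in self.pending.values():
            return None
        return proof(SHARED_KEY, challenge, self.name if self.mode == "bound" else None)

    def verify(self, conn_id: str, claimed_peer: bytes, response: Optional[bytes]) -> bool:
        challenge = self.pending.pop(conn_id)
        if response is None:
            return False
        expected = proof(SHARED_KEY, challenge, claimed_peer if self.mode == "bound" else None)
        return hmac.compare_digest(expected, response)


def reflection_attempt(mode: str) -> bool:
    """Feeds pc1's own challenge back to pc1 on a second connection; True means accepted."""
    pc1 = Peer(b"pc1", mode)
    c1 = pc1.issue_challenge("conn1")            # conn1: the caller claims to be pc2
    reflected = pc1.answer_challenge(c1)         # conn2: pc1 is asked to answer c1 itself
    return pc1.verify("conn1", b"pc2", reflected)


def honest_attempt(mode: str) -> bool:
    """pc2 genuinely holds the key and answers with its own name; must still succeed."""
    pc1, pc2 = Peer(b"pc1", mode), Peer(b"pc2", mode)
    c1 = pc1.issue_challenge("conn1")
    return pc1.verify("conn1", b"pc2", pc2.answer_challenge(c1))
```

The "bound" mode is the textbook fix (the responder's identity goes into the MAC, so a proof computed by pc1 never verifies as pc2's), while "track" shows the cheaper check of never answering a challenge you issued yourself; both keep honest logins working.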
This is a generic attack definition targeting authentication protocols like Kerberos or similar. I am afraid this is way out of the security domain of a firewall. The designer of the protocol must take care of such issues and make sure the protocol is hijack-proof. Major protocols like Kerberos, AUTH should not have such issues (AFAIK), but custom protocols written by 3rd parties can.
This is quite a theoretical concept. Symmetric authentication algorithms can have such flaws. For example, if I write such a protocol myself in my lab, I may have such a flawed system. But I don't think any RFC will have such a simple flaw.
If you are using a symmetric challenge-response protocol of your own, then you should worry about such things. Otherwise, I don't see any reason to be alerted about this.