Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 24 Sep 1999 12:02:29 -0600
From:      Brett Glass <brett@lariat.org>
To:        nate@mt.sri.com (Nate Williams)
Cc:        nate@mt.sri.com (Nate Williams), Monte Westlund <montejw@memes.com>, freebsd-security@FreeBSD.ORG
Subject:   Re: default rc.firewall
Message-ID:  <4.2.0.58.19990924115715.0480e340@localhost>
In-Reply-To: <199909241749.LAA27881@mt.sri.com>
References:  <4.2.0.58.19990924113626.0480db00@localhost> <4.2.0.58.19990924111600.04809a90@localhost> <3.0.5.32.19990923152232.007c94c0@memes.com> <199909241733.LAA27644@mt.sri.com> <4.2.0.58.19990924113626.0480db00@localhost>

next in thread | previous in thread | raw e-mail | index | archive | help
At 11:49 AM 9/24/99 -0600, Nate Williams wrote:

>Then use different software.   Seriously, active-mode ftp is an exploit
>waiting to happen.  Anyone can connect *from* port 20 on any box and
>connect to any site internal to your domain.  Does the word
>'back-orifice' mean anything to you?

Actually, that's TWO words. ;-) Seriously, I'm well aware of the issues
involved. There's no reason, however, to think that blocking incoming
connections from one particular port makes you safer from Trojans. A Trojan 
can connect OUTWARD, too, and often does. 

And remember the eEye IIS exploit? It let you come into the hacked Web server 
*on port 80*. So, any Web server that was accessible from the outside world 
could be hacked from the outside world. And used to compromise the rest of the 
network, too.

--Brett




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.2.0.58.19990924115715.0480e340>