Date: Wed, 2 Dec 1998 16:22:57 -0500 From: Christopher Michaels - SSG <ChrisMic@sbservices.com> To: "'Gravel, Emmanuel (AZ77)'" <Emmanuel.Gravel@CAS.honeywell.com>, questions@FreeBSD.ORG Subject: RE: back orifice Message-ID: <6C37EE640B78D2118D2F00A0C90FCB441A5CF7@site2s1>
next in thread | raw e-mail | index | archive | help
Not to mention that any malicious user inside of the firewall can wreak total havoc on any systems with Back Orifice installed. My understanding of the purpose of that software was to point out and exploit a security hole in Win95 to gain a response from Microsoft. Not to be used as a legitimate administration tool. (although it does sound promising). > -----Original Message----- > From: Gravel, Emmanuel (AZ77) [SMTP:Emmanuel.Gravel@CAS.honeywell.com] > Sent: Wednesday, December 02, 1998 4:03 PM > To: 'gkshenaut@ucdavis.edu'; questions@FreeBSD.ORG > Subject: RE: back orifice > > >So I did a web search and found out about it: it's a freeware remote > >access tool for windows 95+, and there is in fact a *nix client > >for it. I'm wondering whether this works as well as it sounds on > >FreeBSD. Has anyone tried it? > > I haven't tried it myself, but I know it can be a MAJOR security hole. > Anyone which has the client can scan the net for listening ports of > the BackOrifice server. From there they can gain access to the > machine. So unless you have your Win95 machines behind a > firewall that blocks portscans of the affected ports (or even more > added security features) I'd strongly recommend not to install it. > That is, if the server doesn't have the ability to deny connections > from untrusted IP's. > > Good luck! > > Manu > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6C37EE640B78D2118D2F00A0C90FCB441A5CF7>