From owner-freebsd-security  Sun Oct 10 19:41:53 1999
Delivered-To: freebsd-security@freebsd.org
Received: from news.third-rail.net (mail2.third-rail.net [208.153.2.13])
	by hub.freebsd.org (Postfix) with ESMTP id 5C95214EB5
	for <freebsd-security@FreeBSD.ORG>; Sun, 10 Oct 1999 19:41:50 -0700 (PDT)
	(envelope-from psion@geekspace.com)
Received: from geekspace.com ([208.154.207.131]) by news.third-rail.net
          (Post.Office MTA v3.1.2 release (PO205-101c)
          ID# 0-44653U100L2S100) with ESMTP id AAA169;
          Sun, 10 Oct 1999 22:37:38 -0400
Message-ID: <38014EC5.C2541B08@geekspace.com>
Date: Sun, 10 Oct 1999 22:43:17 -0400
From: Chris Williams <psion@geekspace.com>
X-Mailer: Mozilla 4.61 [en] (X11; U; FreeBSD 3.3-STABLE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Brett Glass <brett@lariat.org>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: scanning of port 12345
References: <Pine.BSF.4.10.9910101900340.71027-100000@bsdie.rwsystems.net> <4.2.0.58.19991010202528.042c0b70@localhost>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> >Neither Netbus or BackOriface provide any machanisms for attacking a
> >machine.
> Not so. A remote sniffer is a great way to get passwords.

Note: SMS includes a remote sniffer utility.

> >   Netbus is sold just like any other remote monitoring and admin
> >tool including several that cost thousands of dollars.  CDC (the authors
> >of BO) have a webpage pointing out that there is almost no difference
> >between their product that the Microsoft System Management Server.
> And you believe them?

It's not a matter of belief, it's a matter of fact. Having used SMS, it
does in fact have most of the same capabilities as BO. It's also easier
to install on a large number of machines without users' knowledge, and
harder to remove.
The only argument I can think of that you could make for SMS as a
fundamentally more 'legit' remote admin tool is that it uses the domain
security model for authentication. But, since SMS remote tools can be
run against a machine using the local admin credentails, which is to
say, without a valid domain login, even that point is pretty weak.

How in the world did we end up on this in freebsd-security, anyhow?


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message