From owner-freebsd-security Fri Sep 24 11: 3: 2 1999 Delivered-To: freebsd-security@freebsd.org Received: from lariat.lariat.org (lariat.lariat.org [206.100.185.2]) by hub.freebsd.org (Postfix) with ESMTP id 0252C15685 for ; Fri, 24 Sep 1999 11:02:59 -0700 (PDT) (envelope-from brett@lariat.org) Received: from mustang (IDENT:ppp0.lariat.org@lariat.lariat.org [206.100.185.2]) by lariat.lariat.org (8.9.3/8.9.3) with ESMTP id MAA01748; Fri, 24 Sep 1999 12:02:33 -0600 (MDT) Message-Id: <4.2.0.58.19990924115715.0480e340@localhost> X-Sender: brett@localhost X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.58 Date: Fri, 24 Sep 1999 12:02:29 -0600 To: nate@mt.sri.com (Nate Williams) From: Brett Glass Subject: Re: default rc.firewall Cc: nate@mt.sri.com (Nate Williams), Monte Westlund , freebsd-security@FreeBSD.ORG In-Reply-To: <199909241749.LAA27881@mt.sri.com> References: <4.2.0.58.19990924113626.0480db00@localhost> <4.2.0.58.19990924111600.04809a90@localhost> <3.0.5.32.19990923152232.007c94c0@memes.com> <199909241733.LAA27644@mt.sri.com> <4.2.0.58.19990924113626.0480db00@localhost> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 11:49 AM 9/24/99 -0600, Nate Williams wrote: >Then use different software. Seriously, active-mode ftp is an exploit >waiting to happen. Anyone can connect *from* port 20 on any box and >connect to any site internal to your domain. Does the word >'back-orifice' mean anything to you? Actually, that's TWO words. ;-) Seriously, I'm well aware of the issues involved. There's no reason, however, to think that blocking incoming connections from one particular port makes you safer from Trojans. A Trojan can connect OUTWARD, too, and often does. And remember the eEye IIS exploit? It let you come into the hacked Web server *on port 80*. So, any Web server that was accessible from the outside world could be hacked from the outside world. And used to compromise the rest of the network, too. --Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message