Date:      Fri, 24 Sep 1999 11:20:20 -0700
From:      Deepwell Internet <freebsd@deepwell.com>
To:        Brett Glass <brett@lariat.org>, freebsd-security@freebsd.org
Subject:   Re: default rc.firewall
Message-ID:  <4.2.0.58.19990924110859.018517c0@mail1.dcomm.net>
In-Reply-To: <4.2.0.58.19990924115715.0480e340@localhost>
References:  <199909241749.LAA27881@mt.sri.com> <4.2.0.58.19990924113626.0480db00@localhost> <4.2.0.58.19990924111600.04809a90@localhost> <3.0.5.32.19990923152232.007c94c0@memes.com> <199909241733.LAA27644@mt.sri.com> <4.2.0.58.19990924113626.0480db00@localhost>


>At 11:49 AM 9/24/99 -0600, Nate Williams wrote:
>
> >Then use different software.   Seriously, active-mode ftp is an exploit
> >waiting to happen.  Anyone can connect *from* port 20 on any box and
> >connect to any site internal to your domain.  Does the word
> >'back-orifice' mean anything to you?
>
>Actually, that's TWO words. ;-) Seriously, I'm well aware of the issues
>involved. There's no reason, however, to think that blocking incoming
>connections from one particular port makes you safer from Trojans. A Trojan
>can connect OUTWARD, too, and often does.
>
>And remember the eEye IIS exploit? It let you come into the hacked Web server
>*on port 80*. So, any Web server that was accessible from the outside world
>could be hacked from the outside world. And used to compromise the rest of
>the network, too.
>
>--Brett
>

I agree that you're not going to be able to completely protect your
machines by instituting these policies, but if you weigh the options,
they're probably worth it.
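As an added illustration (not the rc.firewall shipped with FreeBSD, and not code from either poster), this is the shape of the ipfw rule Nate is objecting to, placed beside a stateful replacement that no longer trusts the peer's source port; the internal network, the rule numbers and the dry-run default are assumptions made here:

```shell
#!/bin/sh
# Illustrative ipfw ruleset written for this page; it is NOT the FreeBSD
# rc.firewall. Dry-run by default (rules are only printed); set
# FWCMD=/sbin/ipfw to actually load them on a FreeBSD host.
fwcmd="${FWCMD:-echo ipfw}"
inet="${INET:-192.0.2.0/24}"   # assumed internal network (documentation range)

# Weak: admits any inbound SYN whose *source* port is 20, i.e. whatever a
# remote box chooses to bind, to every unprivileged port on every internal
# machine. That is the "anyone can connect from port 20" problem.
weak_ftp_data() {
    ${fwcmd} add 1000 allow tcp from any 20 to "${inet}" 1024-65535 setup
}

# Hardened: only packets belonging to connections opened from the inside are
# admitted (dynamic rules via keep-state); inbound SYNs toward the internal
# network are denied and logged. Active-mode FTP then needs passive mode or
# an FTP proxy, which is the trade-off the thread is weighing.
hardened_ftp_data() {
    ${fwcmd} add 1000 check-state
    ${fwcmd} add 1010 allow tcp from "${inet}" to any out setup keep-state
    ${fwcmd} add 1020 deny log tcp from any to "${inet}" in setup
}

# Check used for review: does a ruleset still admit inbound SYNs purely on
# the strength of the peer's source port 20?
admits_source_port_20() {
    "$1" | grep -q 'from any 20 .* setup'
}
```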
