Date: Fri, 24 Sep 1999 12:02:29 -0600
From: Brett Glass <brett@lariat.org>
To: nate@mt.sri.com (Nate Williams)
Cc: nate@mt.sri.com (Nate Williams), Monte Westlund <montejw@memes.com>, freebsd-security@FreeBSD.ORG
Subject: Re: default rc.firewall
Message-ID: <4.2.0.58.19990924115715.0480e340@localhost>
In-Reply-To: <199909241749.LAA27881@mt.sri.com>
References: <4.2.0.58.19990924113626.0480db00@localhost> <4.2.0.58.19990924111600.04809a90@localhost> <3.0.5.32.19990923152232.007c94c0@memes.com> <199909241733.LAA27644@mt.sri.com> <4.2.0.58.19990924113626.0480db00@localhost>

At 11:49 AM 9/24/99 -0600, Nate Williams wrote:

>Then use different software. Seriously, active-mode ftp is an exploit
>waiting to happen. Anyone can connect *from* port 20 on any box and
>connect to any site internal to your domain. Does the word
>'back-orifice' mean anything to you?

Actually, that's TWO words. ;-)

Seriously, I'm well aware of the issues involved. There's no reason, however, to think that blocking incoming connections from one particular port makes you safer from Trojans. A Trojan can connect OUTWARD, too, and often does.

And remember the eEye IIS exploit? It let you come into the hacked Web server *on port 80*. So, any Web server that was accessible from the outside world could be hacked from the outside world. And used to compromise the rest of the network, too.

--Brett

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message