Open Source and information security mailing list archives
 
Message-ID: <20030207041634.GP30318@bariloche.com.ar>
From: shadown at bariloche.com.ar (^Shadown^)
Subject: Re: Global HIGH Security Risk

Hi,
	I apologize if I was unclear.
	I've seen that many people understood "bypass" to mean passing through filtered ports, and I didn't want to say that.
	What I wanted to say is that if a firewall is set up to stop reverse telnet techniques by closing all ports that let the server go outside, and gcc, vi, ed (anything that could be used as a text editor) and uudecode/uuencode (and other en/decoders) were deleted, it wasn't enough to stop an attacker from uploading (xploits, etc.) and downloading files, and obviously executing them on the server. I saw many servers set up like this, so I wanted to warn everybody about this kind of attack. And I thought it was important enough to be posted.
	Again, forgive me if I was unclear about what I wanted to say.
	Best regards,
		^Shadown^
