Security Basics mailing list archives

Re: External Penetration Question


From: anonymous () abc com
Date: 8 Aug 2006 21:12:07 -0000

In the scenario you describe, the only way an exploit would work would be to have the computer behind the NAT and 
firewall connect to the exploiter, say by visiting a malicious website. Once the connection is established from 
behind the NAT/firewall, the exploit can be carried out, because NATs and firewalls (most of the time) only block 
incoming connections, not data transfers over existing connections. This is also why social engineering is such a big 
issue, because if a malicious individual can get someone to visit a particular website or download a particular file, 
then the connection can be established from the inside out. This is not to say that by visiting any old website you are 
immediately vulnerable to exploit; the website would have to contain malicious code.
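
Added example (not part of the original message): a minimal model of the connection tracking the message describes, showing which packets a default-deny-inbound firewall passes. The addresses, ports and the StatefulFirewall class are constructed for illustration; address translation, TCP flags and state timeouts are left out.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")  # constructed inside network


class StatefulFirewall:
    """Allow outbound, default-deny inbound, pass replies to tracked flows."""

    def __init__(self, lan):
        self.lan = lan
        self.flows = set()  # (inside_ip, inside_port, outside_ip, outside_port)

    def _inside(self, ip):
        return ipaddress.ip_address(ip) in self.lan

    def decide(self, src, sport, dst, dport):
        if self._inside(src) and not self._inside(dst):
            # Connection opened from the inside: remember its 4-tuple.
            self.flows.add((src, sport, dst, dport))
            return "ALLOW outbound (state created)"
        if self._inside(dst) and not self._inside(src):
            # Inbound is accepted only as the mirror image of a tracked flow.
            if (dst, dport, src, sport) in self.flows:
                return "ALLOW inbound (existing connection)"
            return "DROP inbound (no matching state)"
        return "IGNORE (does not cross the boundary)"


def run_sample():
    """Replay a constructed packet sequence and return the decisions."""
    fw = StatefulFirewall(LAN)
    packets = [
        ("203.0.113.10", 40000, "192.168.1.20", 445),  # unsolicited inbound
        ("192.168.1.20", 51000, "203.0.113.10", 80),   # user visits a site
        ("203.0.113.10", 80, "192.168.1.20", 51000),   # reply on that flow
        ("203.0.113.10", 80, "192.168.1.20", 445),     # same host, other port
        ("198.51.100.7", 80, "192.168.1.20", 51000),   # different remote host
    ]
    return [fw.decide(*p) for p in packets]


if __name__ == "__main__":
    for decision in run_sample():
        print(decision)
```

The third packet is passed on its 4-tuple alone, whatever it carries, which is why the message locates the exposure in what the inside host connects to.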
