Security Basics mailing list archives
RE: Re: Firewall question - how easy is it to get thru - Proof
From: Shane Anglin <shane.anglin () gmail com>
Date: Wed, 16 Feb 2011 14:18:50 -0500
Some detail on how such a think can occur… somehow, the ‘bad guy’ tricks a target LAN user to connect his web browser to the bad guy’s web server/page (phishing, social engineering, etc)… the requested web page maliciously loads some web browser exploit on the target LAN user’s machine, and the exploit runs. The exploit could, for example, be one that simply opens up a session reversed back to bad guy’s web server…. And now bad guy has a link inside the target LAN network via the target LAN machine to scan from, load more code onto target LAN machine, etc… and all happening along the HTTP(port 80) or HTTPS (port 443) that the target LAN user initiated, and occurring within the allowed firewall rules, demonstrating that firewall technology alone is not a magic pill . Metasploit is a great tool to perform such attacks… I suggest reading a bit on Metasploit’s meterpreter reverse tcp basics. Regards, Shane Anglin Shane.Anglin () gmail com ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- RE: Firewall question - how easy is it to get thru - Proof vedantamsekhar () gmail com (Feb 17)
- <Possible follow-ups>
- RE: Re: Firewall question - how easy is it to get thru - Proof Shane Anglin (Feb 17)
- RE: Re: Firewall question - how easy is it to get thru - Proof Rivest, Philippe (Feb 17)
- RE: Re: Firewall question - how easy is it to get thru - Proof Omar Salvador Alcalá Ruiz (Feb 18)
- Re: Re: Firewall question - how easy is it to get thru - Proof John Morrison (Feb 18)
- RE: Re: Firewall question - how easy is it to get thru - Proof Rivest, Philippe (Feb 18)
- Re: Re: Firewall question - how easy is it to get thru - Proof John Morrison (Feb 18)
- Windows Authentication Robert . Yung (Feb 22)
- RE: Re: Firewall question - how easy is it to get thru - Proof Rivest, Philippe (Feb 17)