Firewall Wizards mailing list archives
Re: Web Site Hacks
From: "Bruce B. Platt" <bbp () comport com>
Date: Thu, 04 Dec 1997 08:41:45 -0500
At 09:10 PM 12/2/97 GMT, Edward Cracknell wrote:
Web Site Hacks:
... snip ...
Assuming the Web server is behind the firewall and only http is allowed:
... snip ...

Others have commented on the specific issues Edward raised, like creating the telnet link, dns. What's more interesting is that just because your web-server is behind a firewall, or in a DMZ, doesn't mean it's safe. Web servers have a history of susceptibilities to things like buffer overruns, etc., which protecting them in blue or green nets doesn't stop. I'm not willing to say that all popularly used web servers are 100% guaranteed to be breach proof.

Or, suppose I go all out and place a web server, ftp, gopher site in a blue or green zone and then muck up the file protections to the ftp/incoming directory, or perhaps worse, the ftp/pub directory so someone can write to it, ... I think I'm probably fair game for someone cleverer than I to do some things I'd rather they not.

Now, screend rules on the firewall can help, but if I can make a simple mistake in setting up the ftp root, etc., then I wouldn't trust my screend rules either.

Regards,
Bruce
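Added example, not part of the original post: a permission audit for the FTP-root mistake described in the message above. The function name, the finding strings, and the convention that only `incoming` may be world-writable (and then must not be listable) are assumptions of this sketch.

```python
import os
import stat
import sys

WORLD_W = "world-writable outside a drop directory"
DROP_LISTABLE = "drop directory is both world-writable and world-readable"
OWNED = "owned and writable by the FTP account"

def audit_ftp_root(root, drop_dirs=("incoming",), ftp_uid=None):
    """Walk an anonymous-FTP tree and return sorted (relative_dir, finding) pairs.

    drop_dirs: top-level directories allowed to accept uploads (assumption).
    ftp_uid:   uid the FTP daemon serves anonymous users as, if known.
    """
    findings = []
    # os.walk does not follow symlinked directories by default.
    for dirpath, _dirs, _files in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        st = os.lstat(dirpath)
        mode = stat.S_IMODE(st.st_mode)
        is_drop = rel.split(os.sep)[0] in drop_dirs
        # A directory the FTP account owns can be re-chmodded by that account.
        if ftp_uid is not None and st.st_uid == ftp_uid and mode & stat.S_IWUSR:
            findings.append((rel, OWNED))
        if mode & stat.S_IWOTH:
            if not is_drop:
                findings.append((rel, WORLD_W))
            elif mode & stat.S_IROTH:
                # Writable and listable: uploads can be fetched by anyone.
                findings.append((rel, DROP_LISTABLE))
    return sorted(findings)

if __name__ == "__main__":
    # Usage: python audit_ftp_root.py /path/to/ftp/root
    for rel, finding in audit_ftp_root(sys.argv[1]):
        print(f"{rel}: {finding}")
```

A clean report covers only the "other" permission bits and ownership, so group membership of the FTP account still needs a manual look.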