Full Disclosure mailing list archives
RE: MS should point windowsupdate.com to 127.0.0.1
From: "Steve Wray" <steve.wray () paradise net nz>
Date: Fri, 15 Aug 2003 22:29:26 +1200
Schmehl, Paul L wrote:I just curious how you geniuses would solve this problem.You have a
[great big snip]
What *kind* of Internet access? Any reason I can't put a firewall or proxy of some sort between it and the Internet? Maybe an IDS running as a router?
Presumably it has to accept incoming web connections from the internet. Firewalls are ok if the services which must penetrate the firewall are adequately secured. In the outlined scenario this isn't the case, it looks as if the web server must be vulnerable and accept incoming connections. IDS is an intrusion *detection* system; if you detect an intrusion its too late in this scenario. Reverse proxy might help I guess, if it were configured to scrub incoming web connections. Thing is, you can't just lock out the known hacks and filter out the URLs that match them; what about the ones you don't know about yet? You'd have to be able to identify the specific URL patterns that this hugely expensive widget needs to service and only allow them thru the reverse proxy. I guess. Or maybe run the web server on VMWare, having multiple identical instances ready to run when one gets infected. Delete it, switch to the next one and make another copy of the master image to replace the new one when it gets infected. Or something like that :) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: MS should point windowsupdate.com to 127.0.0.1 Schmehl, Paul L (Aug 14)
- Re: MS should point windowsupdate.com to 127.0.0.1 Blue Boar (Aug 15)
- Re: MS should point windowsupdate.com to 127.0.0.1 Barry Irwin (Aug 15)
- RE: MS should point windowsupdate.com to 127.0.0.1 Steve Wray (Aug 15)
- RE: MS should point windowsupdate.com to 127.0.0.1 Tobias Oetiker (Aug 15)
- RE: MS should point windowsupdate.com to 127.0.0.1 Jason Coombs (Aug 15)
- Re: MS should point windowsupdate.com to 127.0.0.1 Barry Irwin (Aug 15)
- Re: MS should point windowsupdate.com to 127.0.0.1 Michael Renzmann (Aug 15)
- Re: MS should point windowsupdate.com to 127.0.0.1 vb (Aug 15)
- RE: MS should point windowsupdate.com to 127.0.0.1 Jeroen Massar (Aug 15)
- <Possible follow-ups>
- RE: MS should point windowsupdate.com to 127.0.0.1 Schmehl, Paul L (Aug 15)
- Re: MS should point windowsupdate.com to 127.0.0.1 David Hane (Aug 15)
- Re: MS should point windowsupdate.com to 127.0.0.1 vb (Aug 15)
- Re: MS should point windowsupdate.com to 127.0.0.1 Paul Schmehl (Aug 15)
- Re: MS should point windowsupdate.com to 127.0.0.1 David Hane (Aug 15)
(Thread continues...)
- Re: MS should point windowsupdate.com to 127.0.0.1 Blue Boar (Aug 15)