Full Disclosure mailing list archives
Re: Sending remote procedure calls through e-mail (RPC-Mail)
From: michael williamson <michael () puffin tamucc edu>
Date: Wed, 20 Oct 2004 07:34:06 -0500
Someone could use an email scheme like this to to trigger an outbound secure shell connection with ports forwarded from the machine its connecting to back to the machine making the connection. In this way any firewall that allows SSH can be perforated. (now replace the afformentioned email sceme with dumb users)...I how much spyware already does stuff like this? This sure does demonstrate how _useless_ NAT really is for security. -Michael _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Sending remote procedure calls through e-mail (RPC-Mail) Abe Usher (Oct 19)
- Re: Sending remote procedure calls through e-mail (RPC-Mail) Barrie Dempster (Oct 20)
- Re: Sending remote procedure calls through e-mail (RPC-Mail) michael williamson (Oct 20)
- Re: Sending remote procedure calls through e-mail (RPC-Mail) zeedo (Oct 20)
- Re: Sending remote procedure calls through e-mail (RPC-Mail) Michael Williamson (Oct 20)
- Re: Sending remote procedure calls through e-mail (RPC-Mail) michael williamson (Oct 20)
- Re: Sending remote procedure calls through e-mail (RPC-Mail) Barrie Dempster (Oct 20)