Information Security News mailing list archives
Re: Sudan Bank Hacked, Bin Laden Info Found - Hacker
From: InfoSec News <isn () c4i org>
Date: Mon, 1 Oct 2001 05:13:59 -0500 (CDT)
Forwarded from: Patrick Oonk <patrick () pine nl> On Sun, Sep 30, 2001 at 05:23:22AM -0500, InfoSec News wrote:
Forwarded from: Tim Slighter <timslighter () home com> I read that story and I would like to have the glorious opportunity of confronting the "so-called" hackers to find specifics on how exactly they managed to bypass perimeter defense. First off, what Financial Institution would be stupid enough to place DNS on the same server as the Firewall ? (especially if there was 50 Million of that guy's cash there), Secondly, even if they had done something so stupid as placing DNS on the Firewall, the only bypass vulnerability that Checkpoint Firewall-1 has been known to have is the PASV FTP where a one way connection could be exploited given very specific conditions. Assuming that they had gained access, then the initial claim that they had "hacked" the DNS server would indicate that access was gained via port 53 or a known exploit via DNS, this however, would not provide them with any known exploits by which to bypass the Firewall. The more I research this and the more I think about it, that story has more holes in it than Swiss Cheese. What a HOAX !!
Another thing someone pointed out at me: why would an Islamic bank in Sudan use the Israeli product Checkpoint Firewall-1 ? Patrick -- patrick oonk - pine internet - patrick () pine nl - www.pine.nl/~patrick T:+31-70-3111010 - F:+31-70-3111011 - Read news at http://security.nl PGPID 155C3934 fp DD29 1787 8F49 51B8 4FDF 2F64 A65C 42AE 155C 3934 Excuse of the day: We've picked COBOL as the language of choice. - ISN is currently hosted by Attrition.org To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY of the mail.
Current thread:
- Re: Sudan Bank Hacked, Bin Laden Info Found - Hacker InfoSec News (Oct 01)