Penetration Testing mailing list archives
Re: [PEN-TEST] Security of Citrix server to client protocol
From: Peter Van Epp <vanepp () SFU CA>
Date: Thu, 14 Sep 2000 12:03:15 -0700
Peter Van Epp wrote:My question is can any one tell me I don't even need to look because the server client protocol is (for instance) a full IP connection and full of holes? Has anyone been able to compromise a client machine by breaking in to the server on Citrix?Hi, The Citrix client has the ability to map local file systems to a drive on the Citrix server, by default the linux client mounts the /tmp directory to the R drive. If someone gains access to the server, they
Thanks, that right there tells me that Citrix isn't worth considering in this application (which is what I was afraid of). I guess I'll have to have a look at the ATT VNC (? never remember the right acronym :-)) product which I believe is open source and our NT folks are using (within SSH tunnels) to do remote administration. All I want is a stream of keystrokes from the secure net out and a stream of video drawing commands (and only those) allowed in to a gateway machine which will basically pass video drawing commands to a client side rendering engine (and only there), anything else gets tossed and alarm about an attack raised. I don't want anything other than drawing commands to the video screen coming in to the network, and certainly no file sharing. I'd be real tempted to do without an operating system, only two ethernet drivers and a dirt simple filter program running on a PC loaded from DOS to do the program loading. Peter Van Epp / Operations and Technical Support Simon Fraser University, Burnaby, B.C. Canada
Current thread:
- Re: [PEN-TEST] VMware Batten, Gerald (Sep 12)
- Re: [PEN-TEST] VMware Greg (Sep 12)
- [PEN-TEST] Security of Citrix server to client protocol Peter Van Epp (Sep 13)
- Re: [PEN-TEST] Security of Citrix server to client protocol H D Moore (Sep 14)
- Re: [PEN-TEST] Security of Citrix server to client protocol Peter Van Epp (Sep 14)
- [PEN-TEST] Security of Citrix server to client protocol Peter Van Epp (Sep 13)
- Re: [PEN-TEST] VMware Greg (Sep 12)