Snort mailing list archives

Antwort: Re: Antwort: RE: Snort-Machine = Security Hole?

From: ks () schuricht de
Date: Thu, 12 Jul 2001 22:01:45 +0200


Hi Ramin,

Please help me understand this: if you don't have connectivity
to the Internet (by means of the lack of default gateway, or
blocking the Internet connectivity on the firewall, ...) how
can a buffer overflow exploit, gives an attacker an active


If, for example, snort have an exploit that a packet with
42 byte length will cause a buffer overflow. The hacker now
executes some code to set the default gateway...

Or: If he cant set the default gateway, he use code to use
the second nic (connected to you local network) to build a
http-tunnel to his machine using your proxy...

or...and so on :)

I think there are several ways (also with cutted send :).

Best regards,
  Kai.

--
Abt. eBusiness / Entwicklung
D. Schuricht GmbH & Co. KG
http://www.schuricht.de



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Antwort: Re: Antwort: RE: Snort-Machine = Security Hole? ks (Jul 12)