Snort mailing list archives
Re: Promiscuous interface hacks?
From: Matt Kettler <mkettler () evi-inc com>
Date: Thu, 01 May 2003 18:54:15 -0400
At 05:42 PM 5/1/2003 -0500, Paul Schmehl wrote:
But once the bo is exploited, even if a root shell is obtained, how does the attacker then "get to" that shell? Since there's no IP associated with it, I'm having trouble understanding how the attacker could then proceed to exploit the box.
This approach is exactly what I was discrediting when I said:Note that a buffer overflow need not be a plain jane "exec bin/sh over the already established tcp session"...
You've got one example of a kind of buffer-overflow exploit code in mind.. he can execute ANY code he wants. No, really.. ANY code. exec /bin/sh is just ONE possility.
Now constrain yourself to this:If you can install and execute any code you want that is under 1kb in size, can you gain control of the box?
Of course you can.Think about it for a while.. here's a hint.. that code can always create a brand new socket and connect to a custom-made server on your machine... think of it as inverse telnet where the console is on the server side and the shell is on the client side of the tcp connection.
------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- VPN and UDP alerts Allan Dover (Apr 24)
- <Possible follow-ups>
- Re: VPN and UDP alerts Neil Dickey (Apr 25)
- Promiscuous interface hacks? Paul Schmehl (May 01)
- Re: Promiscuous interface hacks? Frank Knobbe (May 01)
- Re: Promiscuous interface hacks? Paul Schmehl (May 01)
- Re: Promiscuous interface hacks? Matt Kettler (May 01)
- Re: Promiscuous interface hacks? Paul Schmehl (May 01)
- Re: Promiscuous interface hacks? Matt Kettler (May 01)
- Re: Promiscuous interface hacks? Paul Schmehl (May 02)
- Promiscuous interface hacks? Paul Schmehl (May 01)
- Re: Promiscuous interface hacks? Frank Knobbe (May 01)
- Re: Promiscuous interface hacks? Paul Schmehl (May 02)
- Re: VPN and UDP alerts Allan Dover (Apr 28)
- Re: VPN and UDP alerts Allan Dover (Apr 29)