Vulnerability Development mailing list archives
Re: dos commands via iis 4 (TFTP)
From: Lincoln Yeoh <lyeoh () POP JARING MY>
Date: Thu, 16 Nov 2000 09:07:38 +0800
At 02:01 PM 15-11-2000 +0100, Bluefish (P.Magnusson) wrote:
An more reliable attack though, would be to download and execute a client which connects to www.attacker.com:80, only port 80 won't be running a webserver but a server for the client.
That way it will overcome more firewalls; only an application level firewall or a closed DMZ would cause problems, where as the attack you describe rely on some server port not being firewalled.
Yep. That could work. One more reason to not allow anything out transparently - make the hacker work a bit harder to sniff out which is the web proxy and if there are any passwords which need to be used (I believe IE's autocomplete makes that part easier though :) ). Cheerio, Link.
Current thread:
- Re: dos commands via iis 4 (TFTP), (continued)
- Re: dos commands via iis 4 (TFTP) Lincoln Yeoh (Nov 16)
- Re: dos commands via iis 4 (TFTP) Matt Zimmerman (Nov 16)
- Re: dos commands via iis 4 (TFTP) Bluefish (P.Magnusson) (Nov 16)
- Re: dos commands via iis 4 (TFTP) MadHat (Nov 16)
- Re: dos commands via iis 4 (TFTP)-NETBIOS booboo (Nov 16)
- Re: dos commands via iis 4 (TFTP)-NETBIOS MadHat (Nov 16)
- Re: dos commands via iis 4 (TFTP)-NETBIOS booboo (Nov 18)
- Re: dos commands via iis 4 (TFTP)-NETBIOS Paul Cardon (Nov 19)
- Re: dos commands via iis 4 (TFTP)-NETBIOS Illes Marci (Nov 21)
- Re: dos commands via iis 4 (TFTP)-NETBIOS Paul Cardon (Nov 22)
- Re: dos commands via iis 4 (TFTP) Lincoln Yeoh (Nov 16)
- Re: dos commands via iis 4 (TFTP) Robert A. Seace (Nov 11)