RE: Re: Code Red: What security specialist don't mention in warnings (Frank Knobbe)

["Stiennon,Richard" <richard.stiennon () gartner com>]

-----Original Message-----
From: Joseph Steinberg [mailto:Joseph () whale-com com]
Sent: Thursday, August 02, 2001 12:23 PM
To: firewall-wizards () nfr com
Subject: [fw-wiz] Re: Code Red: What security specialist don't mention
in warnings (Frank Knobbe)

<snip>

> BTW: The generic Code Red worm may just deface and connect >outward, but
the
> same vulnerability could have been exploited to steal the >information on
the
> web server, or turn it into a host for a staged attack against >other
> DMZ/internal machines. As the vulnerability is at the >application-level, a
> firewall will not likely mitigate against this.

Unless that firewall has a strong application proxy!

-Stiennon


_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards