Firewall Wizards mailing list archives

Re: Phrack #60: "Java tears down the Firewall"


From: Mikael Olsson <mikael.olsson () clavister com>
Date: Fri, 03 Jan 2003 23:07:19 +0100


"Marcus J. Ranum" wrote:
>
> Mikael Olsson wrote:
> > - The firewall automagically pokes a hole for this "data channel"
> > - The server box is suddenly allowed to connect to this
> >   vulnerable port, through the firewall.
>
> Could the java app proxy to other ports internally? Seems
> like a simple exercise for the malcoder.

Ah, no, the java sandbox only allows connections back to the server
that served the applet -- the problem is that this security model
doesn't coexist very well together with the FTP "security model".


-- 
Mikael Olsson, Clavister AB
Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
Phone: +46 (0)660 29 92 00   Mobile: +46 (0)70 26 222 05
Fax: +46 (0)660 122 50       WWW: http://www.clavister.com
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
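
The pinhole decision discussed in this message, as an added example that is not part of the original post or of any firewall product: a sketch of how an FTP helper could vet a PORT command before opening the data channel. The function names, the `protected_ports` policy list and the sample addresses are assumptions made for illustration.

```python
import ipaddress
import re

# RFC 959 PORT argument: h1,h2,h3,h4,p1,p2 (six decimal octets)
PORT_RE = re.compile(r"^PORT " + ",".join([r"(\d{1,3})"] * 6) + r"\r?\n?$", re.I)

def parse_port(line):
    """Return (ip, port) from an FTP PORT command, or None if malformed."""
    m = PORT_RE.match(line)
    if not m:
        return None
    octets = [int(x) for x in m.groups()]
    if any(o > 255 for o in octets):
        return None
    ip = ipaddress.IPv4Address(".".join(map(str, octets[:4])))
    return ip, octets[4] * 256 + octets[5]

def pinhole_decision(line, client_ip, protected_ports):
    """Decide whether the helper should let the server reach client:port."""
    parsed = parse_port(line)
    if parsed is None:
        return "deny", "malformed PORT"
    ip, port = parsed
    if ip != ipaddress.IPv4Address(client_ip):
        return "deny", "address differs from control-connection source"
    if port < 1024:
        return "deny", "privileged port"
    if port in protected_ports:
        return "deny", "port is a known listening service on the client"
    # The helper cannot tell an FTP client from any other program on the
    # client host that the local policy lets talk to the server's port 21.
    return "allow", f"server may connect to {ip}:{port}"

if __name__ == "__main__":
    # Constructed sample input: client 10.0.0.5, X11 (6000) marked protected.
    for cmd in ("PORT 10,0,0,5,4,1\r\n", "PORT 10,0,0,5,23,112\r\n",
                "PORT 10,0,0,5,0,139\r\n", "PORT 10,0,0,9,4,1\r\n"):
        print(cmd.strip(), "->", pinhole_decision(cmd, "10.0.0.5", {6000}))
```

A port that is neither privileged nor on the list still passes, so the list has to cover every service the client actually runs.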

