Full Disclosure mailing list archives
Re: Barracuda backdoor
From: bk <chort0 () gmail com>
Date: Fri, 29 Apr 2011 10:03:02 -0700
On Apr 29, 2011, at 9:22 AM, Cal Leeming wrote:
On Fri, Apr 29, 2011 at 4:13 PM, bk <chort0 () gmail com> wrote: On Apr 29, 2011, at 6:11 AM, Cal Leeming wrote:On Fri, Apr 29, 2011 at 3:30 AM, bk <chort0 () gmail com> wrote: Everything you have mentioned there are when you have 'leased' a product, so if the license runs out, of course it's going to terminate those 'leased' services.Actually, no. I'm really starting to doubt you have any experience what so ever with enterprise products. Every appliance I've ever heard of or sold personally is sold, as in ownership is transferred. The physical unit belongs to the party who purchased it. The continuing fees or subscriptions cover: 1. Support 2. Product updates and patches 3. Updates to anti-spam and anti-virus definitions 4. Other product features that either require infrastructure on the vendor's part, or capabilities that are OEM'd from another vendor and require recurring royalty fees. Are you referring to hardware or virtual appliances? Almost everything I have used in an enterprise deployment, has been where the unit was owned outright by the customer, with the license simply being for support.
EIther/both. In the case of VM, customer generally pays a one-time license for the right to run a VM (in perpetuity). A few were sold based on size of the pre-configured VM (disk space, vCPUs, etc), but my understanding is most of those are transitioning to a perpetual VM license scheme (due to the obvious fact that customers can change the virtual hardware). If you don't like remote support from vendor, ask them how to disable it. If you don't believe them, block all the egress traffic and look at the firewall logs to see where it's sending SYNs. Almost any product these days needs to download updates, but you should be able to tell the difference between downloading updates and opening reverse shells. I don't know of any vendors yet who do their shell over HTTPS (although it would make sense if you want it to be covert, ssh really stands out). -- chort
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Barracuda backdoor, (continued)
- Re: Barracuda backdoor Cal Leeming (Apr 29)
- Re: Barracuda backdoor Hartley, Christopher J. (Apr 29)
- Re: Barracuda backdoor bk (Apr 28)
- Re: Barracuda backdoor Cal Leeming (Apr 29)
- Re: Barracuda backdoor bk (Apr 28)
- Re: Barracuda backdoor Cal Leeming (Apr 29)
- Re: Barracuda backdoor bk (Apr 29)
- Re: Barracuda backdoor Valdis . Kletnieks (Apr 29)
- Re: Barracuda backdoor Benji (Apr 29)
- Re: Barracuda backdoor Cal Leeming (Apr 29)
- Re: Barracuda backdoor bk (Apr 29)
- Re: Barracuda backdoor Cal Leeming (Apr 29)