Security Incidents mailing list archives
Re: Netscreen 5XT SSH Traffic
From: Michael Peppard <mpeppard () impole com>
Date: Fri, 18 Mar 2005 17:39:53 -0500
Dante Mercurio wrote:
I can't tell from your email what indications you currently have thatthis came through the firewall and was not spoofed from the inside in some manner. I've always found the Netscreen to be a pretty secure device and this would be a serious flaw. Are there any other methods onto the network such as dial-in, VPN, or vendor connections? Attacks can originate from any of these without a flaw in the firewall software.M. Dante Mercurio, CISSP, CWNA, Security+, SCSP
Or much more likely, he has a compromised server. SSH traffic in a restricted area is the single biggest give-a-way that you've been compromised.
-Mike
Current thread:
- Netscreen 5XT SSH Traffic Ben Blakely (Mar 18)
- Re: Netscreen 5XT SSH Traffic Jonathan Nichols (Mar 18)
- <Possible follow-ups>
- RE: Netscreen 5XT SSH Traffic Dante Mercurio (Mar 18)
- Message not available
- Re: Netscreen 5XT SSH Traffic Michael Peppard (Mar 18)
- Re: Netscreen 5XT SSH Traffic Ben Blakely (Mar 21)
- Message not available