Information Security News mailing list archives

c4i-pro Network Vulnerability Exploitations (fwd)


From: William Knowles <wk () C4I ORG>
Date: Mon, 3 Jul 2000 16:21:08 -0500

From another list I am on. If anyone feels like helping this
gentleman, please contact him directly.

William Knowles
wk () c4i org


---------- Forwarded message ----------
Date: Mon, 3 Jul 2000 16:49:09 -0400
From: "Benedict, Dale M Mr HQ INSCOM" <dmbene2 () vulcan belvoir army mil>
To: "'c4i-pro () stl nps navy mil'" <c4i-pro () stl nps navy mil>
Cc: "Benedict, Dale M  GS-13 IOVAD" <dmbene2 () LIWA belvoir army mil>
Subject: c4i-pro Network Vulnerability Exploitations

Greetings, all.  The list appears to have been quiet for a while, so
how about some questions that we would like to interject into our
INFOSEC training?

Based on your experiences or knowledge, can any of you C4I
professionals provide any feedback on questions regarding these
relatively common network vulnerabilities, or point me to a site that
would have these listed?

Here is a set of questions for us to consider:

1. Can the particular network vulnerability be exploited by an outside
   adversary (or trusted insider)?

2. When, to your knowledge, has this particular network vulnerability
   been exploited?

3. Who, if known, has exploited this particular network vulnerability?

4. What level of adversary (i.e., hacker) can perform this
   exploitation, and what tools/training are required?

Here is a set of possibly 'common' vulnerabilities:

1.  "SMTP VRFY buffer overflow can crash or obtain access"
2.  "SMTP HELO buffer overflow can crash or obtain access"
3.  "SMTP EXPN command"
4.  "SMTP host possibly vulnerable"
5.  "SMTP server allows fake hostnames in HELO"
6.  "SMTP verify (VRFY) command can be used to validate users"
7.  "FTP PASV port denial of service attack"
8.  "LDAP anonymous access to directory"
9.  "LDAP null base returns information"
10. "Sendmail %style blind relaying can be used to obfuscate the origin
     of e-mails"
11. "Anonymous FTP enabled"
12. "HTTP proxy detected"
13. "HTTP proxy penetrated"
14. "ICMP timestamp requests"
15. "NNTP posting"
16. "NNTP reading"
17. "Traceroute can be used to map network topologies"


If any of you have seen anything on these, please point the way, share
your experiences, and/or drop me a line.

        Thanks.

        Dale M. Benedict
        IOVAD, LIWA
        Fort Belvoir, VA 22060
        DSN 235-1606
        Comm (703) 706-1606
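Editor's worked example (added to this archive page; it is not part of Mr. Benedict's message or Mr. Knowles' forward). Findings 3 ("SMTP EXPN command") and 6 ("SMTP verify (VRFY) command can be used to validate users") in the list above rest on one weakness: an MTA that answers VRFY with a definitive 250 ("mailbox exists") or 550 ("no such user"), or expands aliases with EXPN, lets an outsider confirm account names before ever guessing a password. The Python script below drives that SMTP dialogue and classifies the reply codes. So that it runs offline, the mail server it talks to is a constructed stand-in wired over a socketpair; in one mode it answers like a permissive MTA, in the other like one with VRFY and EXPN disabled (Sendmail's PrivacyOptions novrfy,noexpn and Postfix's disable_vrfy_command = yes produce replies of this kind). The hostnames mail.example and scanner.example, the user names, and the reply texts are all invented for the example.

```python
"""SMTP VRFY/EXPN exposure check: added example, not code from the original post.
probe() drives the dialogue behind findings 3 and 6; fake_mta() is a constructed
stand-in server (fictional hostnames and users) so the whole thing runs offline."""
import socket
import threading

CRLF = b"\r\n"


def read_reply(rfile):
    """Read one SMTP reply ("250-" lines continue it); return (code, lines)."""
    lines = []
    while True:
        raw = rfile.readline()
        if not raw:
            raise ConnectionError("server closed the connection")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        lines.append(line)
        if len(line) == 3 or line[3] != "-":      # "250 text" ends the reply
            return int(line[:3]), lines


def send_cmd(rfile, wfile, cmd):
    wfile.write(cmd.encode("ascii") + CRLF)
    wfile.flush()
    return read_reply(rfile)


def probe(sock, candidates, helo="scanner.example"):
    """Report what VRFY/EXPN disclose on the MTA behind sock.  250 (confirmed) and
    550 (denied) both make it an oracle; 252 ("cannot VRFY") and 502 do not."""
    rfile, wfile = sock.makefile("rb"), sock.makefile("wb")
    result = {"vrfy_oracle": False, "expn_enabled": False, "valid_users": [], "replies": {}}
    read_reply(rfile)                                  # 220 banner
    send_cmd(rfile, wfile, f"HELO {helo}")
    for user in candidates:
        code, lines = send_cmd(rfile, wfile, f"VRFY {user}")
        result["replies"][f"VRFY {user}"] = lines[-1]
        if code in (250, 550):
            result["vrfy_oracle"] = True
        if code == 250:
            result["valid_users"].append(user)
    code, lines = send_cmd(rfile, wfile, "EXPN postmaster")
    result["replies"]["EXPN postmaster"] = " | ".join(lines)
    result["expn_enabled"] = code == 250
    send_cmd(rfile, wfile, "QUIT")
    return result


def fake_mta(sock, mailboxes, locked_down):
    """Constructed stand-in MTA (not a real server).  Reply texts imitate a
    permissive host and one with VRFY/EXPN disabled; everything is invented."""
    rfile, wfile = sock.makefile("rb"), sock.makefile("wb")

    def reply(text):
        wfile.write(text.encode("ascii") + CRLF)
        wfile.flush()

    reply("220 mail.example ESMTP")
    for raw in rfile:
        verb, _, arg = raw.decode("ascii", "replace").strip().partition(" ")
        verb = verb.upper()
        if verb == "HELO":
            reply(f"250 mail.example Hello {arg}")
        elif verb == "VRFY" and locked_down:
            reply("252 2.5.2 Cannot VRFY user; try RCPT to attempt delivery")
        elif verb == "VRFY":
            reply(f"250 2.1.5 {arg} <{arg}@mail.example>" if arg in mailboxes
                  else f"550 5.1.1 {arg}... User unknown")
        elif verb == "EXPN" and locked_down:
            reply("502 5.7.0 Sorry, we do not allow this operation")
        elif verb == "EXPN":                  # multi-line 250 reply, one member per line
            members = sorted(mailboxes)
            for m in members[:-1]:
                reply(f"250-2.1.5 <{m}@mail.example>")
            reply(f"250 2.1.5 <{members[-1]}@mail.example>")
        elif verb == "QUIT":
            reply("221 2.0.0 Bye")
            break
        else:
            reply("500 5.5.1 Command unrecognized")
    sock.close()


def run_against(mailboxes, locked_down, candidates):
    """Wire probe() to fake_mta() over a socketpair and return the findings."""
    client, server = socket.socketpair()
    t = threading.Thread(target=fake_mta, args=(server, mailboxes, locked_down), daemon=True)
    t.start()
    try:
        return probe(client, candidates)
    finally:
        client.close()
        t.join(timeout=2)


if __name__ == "__main__":
    for locked in (False, True):
        print("locked down:" if locked else "permissive:",
              run_against({"alice", "bob"}, locked, ["alice", "carol"]))
```

Against a real host, replace the socketpair in run_against() with a TCP connection to port 25 and hand the socket to probe(). The point of the classification is the question 4 in the message: a 250/550 oracle needs no tooling beyond a telnet client and a name list, while a server that answers 252 or 502 gives the same outsider nothing, which is why disabling VRFY/EXPN (or answering 252 uniformly) is the usual fix for findings 3 and 6.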

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".


Current thread: