Penetration Testing mailing list archives
RE: publications concerning port forwarding
From: "Jason L. Ellison" <infotek () datasync com>
Date: Wed, 11 Apr 2007 11:12:54 -0500 (CDT)
On Wed, 11 Apr 2007, Wiedemann, Adrian wrote:
------=_NextPart_000_0009_01C77C1F.25A6FE80 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Hi,to forward ports on the PIX from the Internet to internal servers. I have explained that port forwarding is very risky but they don't seem to understand. Are there any publications that can be used to show theIt boils down to the Exchange-Server setup. If he is using a frontend-backend Exchange configuration and requests port 443 to be forwarded, I see no inherent security concerns about this. In general, I see no security implications about forwarding ports. I just depends on the servers, on which these ports are forwarded to. Regards, Adrian Ret
My concern would be a 0-day exploit for the service that is exposed. An internal MS Exchange server responding to public internet traffic, seems less secure than say... a postfix server in the DMZ and a MS Exchange server on the internal network.at least in this situation you would need two services to be exploitable (Postfix SMTP and MS Exchange) rather than just MS Exchange. Is this an over paranoid stance? What if the company falls under "Executive Order on Critical Infrastructure Protection"? -Jason Ellison ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
Current thread:
- publications concerning port forwarding Jason L. Ellison (Apr 10)
- Re: publications concerning port forwarding Ben Nell (Apr 10)
- Re: publications concerning port forwarding vtlists (Apr 11)
- Re: publications concerning port forwarding Brendan Murray (Apr 10)
- RE: publications concerning port forwarding Wiedemann, Adrian (Apr 11)
- RE: publications concerning port forwarding Jason L. Ellison (Apr 11)
- RE: publications concerning port forwarding Wiedemann, Adrian (Apr 11)
- Message not available
- RE: publications concerning port forwarding Wiedemann, Adrian (Apr 11)
- RE: publications concerning port forwarding Jason L. Ellison (Apr 13)
- RE: publications concerning port forwarding Jason L. Ellison (Apr 11)
- Re: publications concerning port forwarding Ben Nell (Apr 10)
- <Possible follow-ups>
- RE: publications concerning port forwarding Jason Rahl (Apr 11)
- RE: publications concerning port forwarding Thomas W Shinder (Apr 13)
- Re: publications concerning port forwarding vtlists (Apr 13)
- Re: publications concerning port forwarding Thor (Hammer of God) (Apr 13)