Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Fw: Latest libpcap & tcpdump sources from tcpdump.org contain a trojan

From: Edin Dizdarevic <edin.dizdarevic () interActive-Systems de>
Date: Thu, 14 Nov 2002 16:18:42 +0100

->

   >>      * It's important to note that it reuses the same outgoing
   >>        connection for the shell. This gets around firewalls that block
   >>        incoming connections.

Using connection tracking _and_ allowing all outgoing traffic is not a really
good idea, as far as I understand this. However, for personal purposes this may
be the case, corporate firewalls should not allow this. Especially people having
MS workstations should forbid this anyway.

Regards,

Edin_

--
Edin Dizdarevic







-------------------------------------------------------
This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd524.html 
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: