VanLUG Email Archive
Traduisez - Übersetzen - Traduzca - Traduza - Tradurre - Translate
Vincent Janelle (malokai@gildea.net)
Sat, 20 Jan 2001 05:53:33 -0800 (PST)
Forgive my rather jumbled mind.. I was out most of the night..
On Fri, 19 Jan 2001, Andrew Daviel wrote:
> On Thu, 18 Jan 2001, Rob Bos wrote:
>
> > Of course, a large quantity of potential security holes can be stopped simply
> > by running a firewall.
>
Depends on how well your rules are setup, and if you have a firewall that
checks to make sure you initiated the connection to the host in
question...
> When everyone encrypts everything, and everything is Web-enabled, and
> everyone has gone to switched networks instead of shared segment, all
> attacks will go right through the firewall on port 443 and external
> intrusion detection systems will be useless. Ditto for email. (actually, I
> recall somewhere a port monitor that can read https traffic if given the
> server keys)
>
Its called "dsniff", an updated version was recently released which
allowed it to perform man-in-the-middle attacks against SSH and SSL
sessions.
> > *wince* again. More accurately, it attacks the wu-ftpd and rpc.statd
> > combination, and those are not necessarily Red Hat. Disabling either or both
> > of those services should workaround it. proftpd is a good FTP server, I think.
These mostly target redhat with the offsets that they require to perfrorm
the attacks to overwrite memory. Its possible for two distributions to
have the same offsets for performing buffer/heap over/underflow attacks,
but unlikely.
-- This message came to you via the Vancouver Linux Users Group mailing list. For unsubscription instructions do not email the list, but rather send mail to <vanlug-request@gweep.bc.ca>.
This archive was generated by hypermail 2.0b3 on Tue 03 Jul 2001 - 18:31:59