Home page logo
/

basics logo Security Basics mailing list archives

Re: Open All Outbound Ports?
From: <m2dzus () yahoo com>
Date: 10 Nov 2002 22:25:37 -0000

In-Reply-To: <FDEHJDIOOBLHLBCAOEJFMELFEOAB.billl () cyberbase7 com>

---snip--

opening all outbound ports is a bad idea. classic example is here..

director of marketing takes laptop home.

director gets hacked via Trojan downloaded from non corporate mail.

director brings laptop back to work.

using netcat hacker sets up opens backdoor via a allowed port... and 
tunnels
out through a high port to avoid detection.

your firewall team wont see this if the port is open...

---snip---

Sorry if this sounds basic but I can't seem to figure out how this example 
would work? Please could you elaborate

Surely the trojan would alerady have to be running on a open port for the 
hacker to connect to it in order to run netcat to setup a backdoor?

Thanks


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]