mailing list archives
Re: Sending remote procedure calls through e-mail (RPC-Mail)
From: michael williamson <michael () puffin tamucc edu>
Date: Wed, 20 Oct 2004 07:34:06 -0500
Someone could use an email scheme like this to to trigger an outbound
secure shell connection with ports forwarded from the machine its
connecting to back to the machine making the connection. In this way
any firewall that allows SSH can be perforated.
(now replace the afformentioned email sceme with dumb users)...I how
much spyware already does stuff like this? This sure does demonstrate
how _useless_ NAT really is for security.
Full-Disclosure - We believe in it.