Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Sending remote procedure calls through e-mail (RPC-Mail)
From: michael williamson <michael () puffin tamucc edu>
Date: Wed, 20 Oct 2004 07:34:06 -0500

Someone could use an email scheme like this to to trigger an outbound
secure shell connection with ports forwarded from the machine its
connecting to back to the machine making the connection.  In this way
any firewall that allows SSH can be perforated. 

(now replace the afformentioned email sceme with dumb users)...I how
much spyware already does stuff like this?  This sure does demonstrate
how _useless_ NAT really is for security. 


Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]