Home page logo
  • Nmap Security Scanner
  • Security Lists
  • Security Tools
  • Site News
  • Advertising
  • About/Contact
  • Sponsors:



/

fulldisclosure logo Full Disclosure mailing list archives

Re: Barracuda backdoor
From: bk <chort0 () gmail com>
Date: Fri, 29 Apr 2011 10:03:02 -0700

On Apr 29, 2011, at 9:22 AM, Cal Leeming wrote:

On Fri, Apr 29, 2011 at 4:13 PM, bk <chort0 () gmail com> wrote:
On Apr 29, 2011, at 6:11 AM, Cal Leeming wrote:


On Fri, Apr 29, 2011 at 3:30 AM, bk <chort0 () gmail com> wrote:
Everything you have mentioned there are when you have 'leased' a product, so if the license runs out, of course it's 
going to terminate those 'leased' services.



Actually, no.  I'm really starting to doubt you have any experience what so ever with enterprise products.  Every 
appliance I've ever heard of or sold personally is sold, as in ownership is transferred.  The physical unit belongs 
to the party who purchased it.  The continuing fees or subscriptions cover:
1.  Support
2.  Product updates and patches
3.  Updates to anti-spam and anti-virus definitions
4.  Other product features that either require infrastructure on the vendor's part, or capabilities that are OEM'd 
from another vendor and require recurring royalty fees.

Are you referring to hardware or virtual appliances? Almost everything I have used in an enterprise deployment, has 
been where the unit was owned outright by the customer, with the license simply being for support.


EIther/both.  In the case of VM, customer generally pays a one-time license for the right to run a VM (in perpetuity).  
A few were sold based on size of the pre-configured VM (disk space, vCPUs, etc), but my understanding is most of those 
are transitioning to a perpetual VM license scheme (due to the obvious fact that customers can change the virtual 
hardware).

If you don't like remote support from vendor, ask them how to disable it.  If you don't believe them, block all the 
egress traffic and look at the firewall logs to see where it's sending SYNs.  Almost any product these days needs to 
download updates, but you should be able to tell the difference between downloading updates and opening reverse shells. 
 I don't know of any vendors yet who do their shell over HTTPS (although it would make sense if you want it to be 
covert, ssh really stands out).

--
chort




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]