Vulnerability Development: Re: Norton AntiVirus 2000 POProxy.exe

Re: Norton AntiVirus 2000 POProxy.exe

From: Mike Frantzen <frantzen_at_EXPERT.CC.PURDUE.EDU>
Date: Wed, 1 Dec 1999 23:22:24 -0500

> Good evening!

Not after the test I just had ;)

> I just stumbled upon a 'feature' of Norton AntiVirus 2000 that seems like
> a bad idea. I have not seen it discussed elsewhere; my apologies if it is
> old news.
> The problem with this is that port 110 is left open to the world. At
> best, there has to be a denial of service attack there somewhere. I can
> pick up POP mail through your box from anywhere I want, just by using the
> login 'username/pop3.server.com'. I eat your bandwidth at the very least,
> and it may be possible to fill your drives and bog your CPU if Norton
> waits for the whole message before scanning and forwarding.

Another interesting implication would be to use it to bounce port scans.
At the worst you could bounce scanning for pop3 servers. If enough
information is passed through by the proxy, you could identify the remote
end (or possibly get some shell code bounced through the proxy).

If the proxy supports
        USER name/pop3.server.com:port
You could do some much wider port scans.

You may be able to do a
        USER name/localhost
to cause a land style attack ;)

or maybe a
        USER name/localhost:31337
to trip Back Officer Friendly (does it listen on TCP?)

Back to watching an OpenBSD box install.... Whirrrrrrr

later,
.mike
Received on Dec 01 1999
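The thread above turns on a proxy that accepts `USER name/pop3.server.com[:port]` from any client and opens a connection wherever it is told. As an added illustration from the defending side (not Norton's code, and not from the original post), the hypothetical validator below shows the screening such a proxy should apply to that login form before dialling out: only loopback clients, only an allowlisted upstream host, only the POP3 port, and never an internal or loopback target. The allowlist and the `client_is_local` flag are assumed inputs.

```python
"""Hardened screening of a POProxy-style `USER name/host[:port]` login (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional, Set, Tuple

POP3_PORT = 110


@dataclass(frozen=True)
class ProxyTarget:
    user: str
    host: str
    port: int


def parse_user_command(line: str) -> Optional[ProxyTarget]:
    """Parse `USER name/host[:port]`; return None for anything that is not that form."""
    parts = line.strip().split(maxsplit=1)
    if len(parts) != 2 or parts[0].upper() != "USER":
        return None
    user, sep, rest = parts[1].partition("/")
    if not sep or not user or not rest:
        return None
    host, _, port_text = rest.partition(":")
    if not host:
        return None
    if port_text and not port_text.isdigit():
        return None
    port = int(port_text) if port_text else POP3_PORT
    return ProxyTarget(user, host.lower(), port)


def is_internal_host(host: str) -> bool:
    """True for loopback names and for any literal address that is not globally routable."""
    if host == "localhost" or host.endswith(".localhost"):
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # a hostname; resolution is checked elsewhere (assumption)
    return not ip.is_global


def validate_target(target: ProxyTarget, allowed_hosts: Set[str], client_is_local: bool) -> Tuple[bool, str]:
    """Return (ok, reason). Every rejection closes one of the abuses discussed in the thread."""
    if not client_is_local:
        return False, "proxy accepts clients only from the local machine"
    if target.port != POP3_PORT:
        return False, "upstream port must be 110 (no scanning of arbitrary ports)"
    if is_internal_host(target.host):
        return False, "upstream host must not be loopback or internal (no self-connection)"
    if target.host not in allowed_hosts:
        return False, "upstream host is not an allowlisted mail server"
    return True, "ok"
```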
