Re: Sending remote procedure calls through e-mail(RPC-Mail)

[David Maynor <dmaynor () gmail com>]

Most IPS is shit. "Next gen" devices that still rely on regex of
packet data to detect an attack just don't get it.

Short of encrypting it all that it would take to defeat the passphrase
method is getting a single sniffed email. If that doesn't work there
is always brute forcing. The ability to email in a RPC command to be
executed is a hackers wet dream.


On Wed, 20 Oct 2004 13:14:16 +0900, Steve W. Manzuik <smanzuik () sidc net> wrote:
> First of all.  IPS is pretty much shit.
>
> That being said, he did say that the email would contain a passphrase.  Although, a good step to add would be perhaps 
> a mechanism to encrypt the messages to prevent being sniffed.
>
> -----Original Message-----
> From: dailydave-bounces () lists immunitysec com on behalf of David Maynor
> Sent: Tue 10/19/2004 8:47 PM
> To: Abe Usher
> Cc: dailydave () lists immunitysec com
> Subject: Re: [Dailydave] Sending remote procedure calls through e-mail(RPC-Mail)
>
> I read this email 3 times hoping that I missed the security part of
> your idea. Do you really want to be able to email rpc requests? You
> are building an awesome avenue to bypass current security tools like
> IPS. You can't really rely on the obscurity of the account name, it
> would not take long for somebody to find it.
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave