|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: TCP port 5000 syn increasing
Valdis.Kletnieks
vt.edu
Date: Wed May 19 2004 - 13:20:00 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Tue, 18 May 2004 18:56:14 -0300, Andreas <andreasconectiva.com.br> said:
> On Tue, May 18, 2004 at 05:30:43PM -0400, Valdis.Kletnieksvt.edu wrote:
> > I'm waiting for the first worm that tunnels over HTTP port 80, as a number
> > of protocols already do, to get around firewalls that only pass 25 and 80. ;)
>
> It would have to be "de-tunneled" on the inside to do something useful. Either
> the network is already compromised, or it exploits something on that specific
> service.
Leverage existing code.
Windows 2003 already knows how to tunnel RPC over https.
And quite frankly, any sentence that has "Windows" and "RPC" in it is all too
close to "already compromised"......
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQFAq6VPcC3lWbTT17ARAsjxAJ4tOoQRwlr7KPp9bFtCagadceVELgCfZYDi
I5swbvF/uLEU6gTerivT7jU=
=XRTi
-----END PGP SIGNATURE-----
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]