|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Netscreen 5XT SSH Traffic
From: Michael Peppard (mpeppard
impole.com)
Date: Fri Mar 18 2005 - 16:39:53 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Dante Mercurio wrote:
> I can't tell from your email what indications you currently have
> thatthis came through the firewall and was not spoofed from the inside
> in some manner. I've always found the Netscreen to be a pretty secure
> device and this would be a serious flaw. Are there any other methods
> onto the network such as dial-in, VPN, or vendor connections? Attacks
> can originate from any of these without a flaw in the firewall software.
>
> M. Dante Mercurio, CISSP, CWNA, Security+, SCSP
Or much more likely, he has a compromised server. SSH traffic in a
restricted area is the single biggest give-a-way that you've been
compromised.
-Mike
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]