[ISN] c4i-pro Network Vulnerability Exploitations (fwd)
From: William Knowles (wkC4I.ORG)
Date: Mon Jul 03 2000 - 16:21:08 CDT
From another list I am on. If anyone feels like helping this
gentleman, please contact him directly.
---------- Forwarded message ----------
Date: Mon, 3 Jul 2000 16:49:09 -0400
From: "Benedict, Dale M Mr HQ INSCOM" <dmbene2vulcan.belvoir.army.mil>
To: "'c4i-prostl.nps.navy.mil'" <c4i-prostl.nps.navy.mil>
Cc: "Benedict, Dale M GS-13 IOVAD" <dmbene2LIWA.belvoir.army.mil>
Subject: c4i-pro Network Vulnerability Exploitations
Greetings, all. The list appears to have been quiet for a while, so
how about some questions that we would like to interject into our
Based on your experiences or knowledge, can any of you C4I
professionals provide any feedback on questions regarding these
relatively common network vulnerabilities, or point me to a site that
would have these listed?
Here is a set of questions for us to consider:
1. Can the particular network vulnerability be exploited by an outside
adversary (or trusted insider)?
2. When, to your knowledge, has this particular network vulnerability
3. Who, if known, has exploited this particular network vulnerability?
4. What level of adversary (i.e., hacker) can perform this
exploitation, and what tools/training are required?
Here is a set of possibly 'common' vulnerabilities:
1. "SMTP VRFY buffer overflow can crash or obtain access"
2. "SMTP HELO buffer overflow can crash or obtain access"
3. "SMTP EXPN command"
4. "SMTP host possibly vulnerable"
5. "SMTP server allows fake hostnames in HELO"
6. "SMTP verify (VRFY) command can be used to validate users"
7. "FTP PASV port denial of service attack"
8. "LDAP anonymous access to directory"
9. "LDAP null base returns information"
10. "Sendmail %style blind relaying can be used to obfuscate the origin
11. "Anonymous FTP enabled"
12. "HTTP proxy detected"
13. "HTTP proxy penetrated"
14. "ICMP timestamp requests"
15. "NNTP posting"
16. "NNTP reading"
17. "Traceroute can be used to map network topologies"
If any of you have seen anything on these, please point the way, share
your experiences, and/or drop me a line.
Dale M. Benedict
Fort Belvoir, VA 22060
Comm (703) 706-1606