Subject: Re: Summary of IIS 4.0/5.0 Unicode thread (end of thread?)
From: amonotod (amonotod NETSCAPE.NET)
Date: Sat Oct 28 2000 - 20:37:25 CDT
- Maybe in reply to: Ryan Yagatich: "Summary of IIS 4.0/5.0 Unicode thread (end of thread?)"
- Maybe reply: amonotod: "Re: Summary of IIS 4.0/5.0 Unicode thread (end of thread?)"
On Fri 10/27/00 5:41 AM, Robert A. Seace wrote:
> In the profound words of Ryan Yagatich:
> > also, you can set up a tftp server on your box, and tftp the
> > file/trojan in which you are attempting to run. (netcat anyone?)
> > all you have to do is set up the command string, the same way.
>
> Another way to transfer files would be "rcp", if you find
> it easier to set up "in.rshd" on your server... (At least,
> the NT machine I saw had an "rcp.exe" client installed in
> "\winnt\system32\"... Not sure how standard that is...)
Quite standard setup; however, as part of the process of locking down the
server, you should restrict access to all the system32\r*.* commands to only
administrators, including the exclusion of System. Furthermore, you should
restrict access to net.exe, ftp.exe, tftp.exe and other remote service link
executables from any 'service' type accounts, and maybe even from System.
If your server is not properly configured, you're open to many kinds of
attack, not just whatever the current popular attack may be.
amonotod
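
The lockdown described in the message above can be checked with a read-only ACL audit. This is an added example, not part of the original post: it lists every non-administrator account that still holds execute rights on the binaries the message names. Narrowing `r*.*` to `r*.exe` and treating the well-known SID S-1-5-32-544 (BUILTIN\Administrators) as the only allowed principal are assumptions.

```powershell
# Added example: read-only audit, changes no ACLs.
$sys32 = Join-Path $env:SystemRoot 'System32'

# Targets from the message: system32\r*.* (narrowed here to r*.exe, an
# assumption) plus net.exe, ftp.exe and tftp.exe.
$targets = @(Get-ChildItem -Path $sys32 -Filter 'r*.exe' -File -ErrorAction SilentlyContinue)
foreach ($name in 'net.exe', 'ftp.exe', 'tftp.exe') {
    $path = Join-Path $sys32 $name
    if (Test-Path -LiteralPath $path) { $targets += Get-Item -LiteralPath $path }
}

# Policy from the message: administrators only, SYSTEM excluded.
# S-1-5-32-544 is the well-known SID of BUILTIN\Administrators.
$allowedSids = @('S-1-5-32-544')

# ExecuteFile (0x20), plus GENERIC_EXECUTE and GENERIC_ALL in case an ACE
# carries unmapped generic bits. Deny ACEs are not evaluated here.
$execMask = 0x20 -bor 0x20000000 -bor 0x10000000

$findings = foreach ($file in $targets) {
    $acl = Get-Acl -LiteralPath $file.FullName
    # Ask for SIDs so the comparison does not depend on localized names.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        if ($ace.AccessControlType -ne [System.Security.AccessControl.AccessControlType]::Allow) { continue }
        if (([int]$ace.FileSystemRights -band $execMask) -eq 0) { continue }
        if ($allowedSids -contains $ace.IdentityReference.Value) { continue }
        try   { $who = $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $who = $ace.IdentityReference.Value }   # orphaned or unresolvable SID
        [pscustomobject]@{
            File      = $file.Name
            Identity  = $who
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

if ($findings) { $findings | Sort-Object File, Identity | Format-Table -AutoSize }
else { 'No non-administrator execute ACEs found on the audited binaries.' }
```

Each row is an account, other than Administrators, that can still run one of these clients; service accounts and SYSTEM appearing here are the cases the message says to remove.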