Beware 'Brown Orifice'
Kevin Poulsen, SecurityFocus 2000-08-07

The latest in backdoor programs comes in through your web browser.

What ports does Brown Orifice use, how can it be detected? 2000-08-08
Sean Boran (2 replies)
What do we need to watch for on the host and network to detect this?

...

What ports does Brown Orifice use, how can it be detected? 2000-08-08
morphon (at) yahoo (dot) com
If you check on his site, you will notice that the port is user-specifiable, so it could run on ANY port. However, it defaults to port 8080 (a port well known for running httpd on a box not owned as root), so it shouldn't be that hard to track as default. Anyone wanting to cover their tracks would n...

What ports does Brown Orifice use, how can it be detected? 2000-08-08
Henri Torgemane <henri_torgemane (at) yahoo (dot) com>
It might be obvious, but just to clarify a bit, Brown Orifice is just a "nice" proof of concept for the 2 bugs.

Should someone decide to write an exploit using only the local filesystem access vulnerability to grab a few well-known critical files, you won't have a listening port to detect and it wi...

Re: Beware 'Brown Orifice' 2000-08-09
Lori Carrig (2 replies)
All:

I just tried to access a host behind my firewall utilizing Network Address Translations and guess what! The flaw was trying to access my Firewall router's IP address, NOT my translated IP address. (10.0.0.24 for example) This is not a fix for internal attackers but would make it a bit hard...

Re: Beware 'Brown Orifice' 2000-08-09
Bruce
I agree it's a proof of concept thing... My nightmare is that somebody modifies it to scan ports to find a way to make contact with "mother" and then all hell breaks loose...

Re: Beware 'Brown Orifice' 2000-08-11
netapi (2 replies)
With Netscape (and with Netscape only) a webpage CAN find your IP-address behind a firewall!!! So there goes our security... Netscape sux!!! I'd delete it right away... Come on; a browser that can't even get its frames at the right size should protect my files, I don't think so! :)...

IP not snatchable from IE? well sorta. 2000-08-11
henri torgemane
a small test on IE5 with an applet doing a

System.out.println(InetAddress.getLocalHost());

generates a security exception, which is good.

What is not so good is the text of that security exception:

com.ms.security.SecurityExceptionEx[Test.init]: cannot access "hostname.goes.here"

kinda defea...

Re: Beware 'Brown Orifice' 2000-08-17
Orca_sniff
Please detail how a web-page can find your IP address behind a firewall. All firewalls I know do network address translation, so that "web page" is really only connecting through a firewall's designated port to a designated IP, not YOUR IP. Your browser may display your back-end IP as if it were o...
