RE: CRIME AOL Backdoor?

From: Alan (alan@private)
Date: Mon Jun 24 2002 - 20:51:45 PDT

Next message: Zot O'Connor: "Re: CRIME Netcraft Ethics"

Previous message: Andrew Plato: "RE: CRIME AOL Backdoor?"
In reply to: Andrew Plato: "RE: CRIME AOL Backdoor?"
Next in thread: Jeffrey_Korte/Security/FCNB/Spgla@private: "Re: CRIME AOL Backdoor?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 2002-06-24 at 19:11, Andrew Plato wrote:
> 
> > Object lesson: Firewalls are *useless* at preventing the exporting of 
> > content from your site. If someone inside is determined to 
> > get some kind 
> > of protocol to talk to something outside, and you allow *any* kind of 
> > connection out, then they can obscure or encrypt the traffic 
> > so that you won't see it.
> 
> Which is why you need an IDS on both sides of that firewall - preferably
> every box in your organization. It isn't enough to stop traffic. Got to
> sniff it and see if there's anything stinky in those payloads. Ewwww,
> FTP over DNS. 

And for every hole you plug, another will be created by someone who is
being creative.

I remember seeing an implementation of ftp over icmp.

And don't bend over for the SOAP.

Next message: Zot O'Connor: "Re: CRIME Netcraft Ethics"
Previous message: Andrew Plato: "RE: CRIME AOL Backdoor?"
In reply to: Andrew Plato: "RE: CRIME AOL Backdoor?"
Next in thread: Jeffrey_Korte/Security/FCNB/Spgla@private: "Re: CRIME AOL Backdoor?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Jun 24 2002 - 23:24:10 PDT