-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> -----Original Message-----
> From: Bill Pennington [mailto:billpat_private]
> Sent: Tuesday, October 02, 2001 9:55 AM
>
> I try to keep it simple. I set up an IIS 5 box and a firewall.
> Configure the firewall to allow only port 80 in but everything out.
> Then just use the null.printer overflow. Simple, effective and short.
> No need to drive the GUI or anything; most people just get it.

[...]

And also very effective is this:

Once in, upload shutdown.exe from the RK, and shut the web server off remotely. Once people see that an attacker on the web can actually 'turn your lights off', a light bulb above their head goes on.

(This is for those who are not impressed when you demonstrate how you can plunder the corporate database server remotely.)

Regards,
Frank

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.8
Comment: PGP or S/MIME (X.509) encrypted email preferred.

iQA/AwUBO7qvpZytSsEygtEFEQI5JwCfc6xV5SA7ls2Ae7sVx+7nFfxv5uQAoIPF
fXrJZB9l9vIqSlEh6+Wjre5O
=hd2s
-----END PGP SIGNATURE-----

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service, which automatically alerts you to the latest security vulnerabilities, please see: https://alerts.securityfocus.com/

This archive was generated by hypermail 2b30 : Thu Oct 04 2001 - 11:05:29 PDT