On Mon, Apr 09, 2001 at 03:48:15PM -0300, Nelson Brito wrote: > > >Does anybody know about a database where one can find > > >for any port, i.e. 25 SMTP, the possible > > >vulnerabilities or exploits? > What he wants is a completely list about BUG for PORT NUMBER, example: > 25 TCP - Sendmail mime overflow, Lotus MAIL FROM overflow, CMail's MAIL FROM > overflow, NTMail3 spam feature, etc... > > Unfortunately, I can't point out a database whit this approach, Which is a Good Thing, because it's a fundamentally flawed approach. Attempting to pick vulnerabilities based on such an approach completely misses out a whole (necessary) level of understanding. Thinking about it a little further, I can't see any possible value to such an approach other than to answer the question "how do I crack into this machine?" If you are responsible for protecting a machine, you should know what software is running on it, and on what ports. Then you can look up vulnerabilities of those pieces of software. If you don't know what's got a port open on a machine that you're supposed to be looking after, *FIND OUT*. Don't try to short-cut the thought process necessary to get you to the answer, for if you do then you shall deservedly make mistakes which shall come back to haunt you. -- Nick Phillips -- nwp@lemon-computing.com Tomorrow, you can be anywhere.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 16:41:30 PDT