Great Circle Associates Firewalls
(March 1994) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: Hey the crackers have a new twist 8-(.
From: ericm @ MicroUnity . com (Eric Murray)
Date: Sat, 26 Mar 94 11:32:42 PST
To: sean+ @ andrew . cmu . edu (Sean McLinden)
Cc: firewalls @ GreatCircle . COM, rouilj @ terminus . cs . umb . edu
In-reply-to: <EhZ810G00iV7I2CEwq @ andrew . cmu . edu>; from "Sean McLinden" at Mar 26, 94 1:34 pm 
Sean McLinden wrote:
> 
> 
>[Description of mailing a script to a shell on sendmail-based systems deleted.]

I like the built-in socks part.  Cute.

Perhaps the next version of socks should provide some sort of
encrypted token exchange to allow only 'approved' clients to connect, even
from inside your bastion host...

> This "sort of attack" was the basis for the Morris Internet Worm which
> attracted (inter)national attention a few years back (I always preferred
> the term "Trojan Horse")

Um, I thought the sendmail hole the the Morris worm used was
the infamous 'wizard' mode, where you telnetted into the sendmail port
and typed 'wizard'.  Then sendmail just asked for a password
and if you provided it, dropped you in to a root shell.


--
     ericm         ericm @
 microunity .
 com
Follow-Ups:
References:
Indexed By Date Previous: Re: Hey the crackers have a new twist 8-(.
From: Brent Chapman <brent @ mycroft . GreatCircle . COM>
Next: Re: Hey the crackers have a new twist 8-(.
From: Icarus Sparry <ccsis @ ss1 . bath . ac . uk>
Indexed By Thread Previous: Re: Hey the crackers have a new twist 8-(.
From: Sean McLinden <sean+ @ andrew . cmu . edu>
Next: Re: Hey the crackers have a new twist 8-(.
From: Icarus Sparry <ccsis @ ss1 . bath . ac . uk>
Google
 
Search Internet Search www.greatcircle.com