> I just thought of a way to potentially subvert a firewall using appletalk.
> I'm going to have to review the Appletalk situation here... :-(
>
> 1. Find a poorly configured Mac which allows file-sharing to its
> System Folder.
> 2. Write an ethernet-sniffing INIT and drop it into the System Folder.
> 3. Wait for the Mac to be rebooted and collect the traffic.
> 4. Read the results, and hope that some useful info is there.
>
> I'm not saying the above is easy, but I think the theory looks right.
Your theory is sound, and not hard to implement.
Principle: ANY system (no matter what make/OS) on an Ethernet must be
secured in order for the network to be secure. If it's not BEHIND
a firewall, then it IS a firewall. Even if it's a Mac with an ARA modem.
Leaving an externally accessible Mac with shared-writable system folder
is the Mac equivalent of NFS-sharing a UNIX root file system with world-
writable privileges. "Dear Hacker, we have a special this week..."
-- perry
---------------------------------------------------------------------------
Perry The Cynic perry @
cynic .
org
To a blind optimist, an optimistic realist must seem like an Accursed Cynic.
---------------------------------------------------------------------------
References:
|
|
