Re the last post in Firewall Digest, V4 #650 about BSDI 2.0 being used for
a firewall instead of Windows NT - as U.S. Navy and some government
agencies are finding out through experience, Windows NT re-introduces
many security holes that were closed in Unix. The concept of trusted
groups of servers brings back all the rhosts problems.
Without getting into specifics, it is possible to hack Windows NT in a
manner that is undetectable and untraceable. Not a good choice for
connecting to the Internet, or to a dial-up line either. Probably the
easiest way to bust into a site today is to find a dial-up to a Windows
NT box. It's out of the box defaults turn off most security and creates
at lest one account without a password and another that can easily be
But help is at hand for those who have been inflicted with Windows 95
boxes and Windows NT boxes on their LAN's. Christopher Klaus's Internet
Security Scanner can find the holes in these boxes as well in X.25
gateways and the old dinosaur Unix boxes. Nope, I don't know him, and he
don't know me.
Bottom line is, if you use a Windows NT box as a firewall, you deserve
the hacking you get.
Sick Puppy, the Cat_Eating_Dawg
Photonic & Tachyonic Systems Engineer
of the Stealth Starship Dark Matter
-=:( Chained, whipped, beaten and severely abused in Katherine's Dungeon ):=-
-=:( How could anything that feels so good be so wrong ):=-