Great Circle Associates Firewalls
(October 1997)
 


Subject: Re: DNS on the Firewall - security problem
From: Alfred Huger <ahuger @ silence . secnet . com>
Date: Fri, 10 Oct 1997 14:12:22 -0600 (MDT)
To: Adam Shostack <adam @ homeport . org>
Cc: Marc . Heuse @ mail . deuba . com, firewall-wizards @ nfr . net, firewalls @ GreatCircle . COM
In-reply-to: <199710101151 . HAA21529 @ homeport . org>

> there is no egg* to overflow and break a chroot.  Thus, if you don't
> put CHROOT/bin/sh in place, the standard attacks will fail, but a
> smart attacker can still get in.  In practicality, there are few smart
> attackers.
> 

It only takes *one* smart attacker with a subscription to Bugtraq and a
predilection to share his or her work. The l0pht (which you referenced) is
a perfect example of this.



/****************************************************************************
Alfred Huger					http://www.secnet.com/ballista
Project Director				ahuger @ secnet . com
Secure Networks Inc. (SNI)
*****************************************************************************/



