[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Sending remote procedure calls through e-mail (RPC-Mail)

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] Sending remote procedure calls through e-mail (RPC-Mail)
From: michael williamson <michael@xxxxxxxxxxxxxxxxx>
Date: Wed, 20 Oct 2004 07:34:06 -0500

Someone could use an email scheme like this to to trigger an outbound
secure shell connection with ports forwarded from the machine its
connecting to back to the machine making the connection.  In this way
any firewall that allows SSH can be perforated. 

(now replace the afformentioned email sceme with dumb users)...I how
much spyware already does stuff like this?  This sure does demonstrate
how _useless_ NAT really is for security. 

-Michael

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] Sending remote procedure calls through e-mail (RPC-Mail)
  - From: zeedo

References:
- [Full-Disclosure] Sending remote procedure calls through e-mail (RPC-Mail)
  - From: Abe Usher
- Re: [Full-Disclosure] Sending remote procedure calls through e-mail (RPC-Mail)
  - From: Barrie Dempster

Prev by Date: Re: [Full-Disclosure] Web browsers - a mini-farce
Next by Date: [Full-Disclosure] Re: IE bugs (Was: Web browsers - a mini-farce)
Previous by thread: Re: [Full-Disclosure] Sending remote procedure calls through e-mail (RPC-Mail)
Next by thread: Re: [Full-Disclosure] Sending remote procedure calls through e-mail (RPC-Mail)
Index(es):
- Date
- Thread