Interesting info Nanook, wondering if Neo Trace can work with WindowsXP?
Cheers Wendy
"nanook" wrote in message
...
Weasels!!
It is getting to be such a pain in the but to run computers on line
24/7. I have a good size LAN in my home, and I have to run a hardware
firewall, all my routers have hardware firewalls running, all my
machines run six different software firewalls and antivirus and trojan
and pop up blockers! half my dang resources are just for all the
protection needed to allow my machines to run S.E.T.I. and send info
back and forth without user intervention. I also have a prog called
Neo trace that allows you to trace back to machines that are pinging
your machine to see if they can get in. I love to use this and then
flood that machine with pings or if they don't stop I have a hook prog
that can and will destroy all info on the offending box! Very evil and
probably highly illegal, but hey, they shouldn't be trying to use my
IP for there illegal and immoral activities!

Thank for the alert Mick
Happy Green stuff Y'all
NANOOK

On Fri, 6 Jun 2003 01:10:33 -0400, "Mick Fournier"
wrote:

Oooooo.... whoa there Big Fella,

When I just sent the above post my Black Ice Firewall went bizerko.
Seems
this Ytonjax fella is deliberately exploiting a NNTP "weakness" that
allows
him access into some machines. The pipe "|" symbol in the subject line
creates an opportunity for him to pass a command back to the user's
computer/server somehow.

Internet Security Systems summarizes the breach in security as follows:

http://www.iss.net/security_center/a.../Methods/Techn
ical/Passthrough/default.htm
which reads:
Many applications, services, and operating systems are built with a
modular
approach. Because of this, input provided by the user may pass through
multiple modules. What is accepted by one module may cause a problem
within
another module.
The classic example of this is the "PIPE passthrough" bug, which afflicts
e-mail servers, FTP servers, web servers, scripting languages, and the
like.
For example, many PERL programs allow the user to input a filename, and
then
pass the filename to the a program via a shell command. However, the
shell
may interpret characters differently than the PERL program. In
particular,
if the user puts a PIPE character (|) as part of the file name, the shell
will instead attempt to execute the rest of the "filename" as a program.
The
attacking user simply creates an interesting program that allows them to
break into the system.

I am not very sure that I understand exactly the ramifications of this
newsgroup "exploit" but I am going to investigate it further. Maybe
lurker
PERL expert Patrick Smith can shed some light on this?


http://www.iss.net/security_center/a...?command=-----
----_ytonjax%7c_***_!!!_FREE_MARTHA_!!!_***________ _______

You can click on the above link to get the details on this possible
vulnerability. Make sure you include all the final underscoring marks in
your copy & paste of the above URL if you want to read the report.

Mick