Home |
Search |
Today's Posts |
#1
|
|||
|
|||
FREE MARTHA - Software ?
Interesting info Nanook, wondering if Neo Trace can work with WindowsXP?
Cheers Wendy "nanook" wrote in message ... Weasels!! It is getting to be such a pain in the but to run computers on line 24/7. I have a good size LAN in my home, and I have to run a hardware firewall, all my routers have hardware firewalls running, all my machines run six different software firewalls and antivirus and trojan and pop up blockers! half my dang resources are just for all the protection needed to allow my machines to run S.E.T.I. and send info back and forth without user intervention. I also have a prog called Neo trace that allows you to trace back to machines that are pinging your machine to see if they can get in. I love to use this and then flood that machine with pings or if they don't stop I have a hook prog that can and will destroy all info on the offending box! Very evil and probably highly illegal, but hey, they shouldn't be trying to use my IP for there illegal and immoral activities! Thank for the alert Mick Happy Green stuff Y'all NANOOK On Fri, 6 Jun 2003 01:10:33 -0400, "Mick Fournier" wrote: Oooooo.... whoa there Big Fella, When I just sent the above post my Black Ice Firewall went bizerko. Seems this Ytonjax fella is deliberately exploiting a NNTP "weakness" that allows him access into some machines. The pipe "|" symbol in the subject line creates an opportunity for him to pass a command back to the user's computer/server somehow. Internet Security Systems summarizes the breach in security as follows: http://www.iss.net/security_center/a.../Methods/Techn ical/Passthrough/default.htm which reads: Many applications, services, and operating systems are built with a modular approach. Because of this, input provided by the user may pass through multiple modules. What is accepted by one module may cause a problem within another module. The classic example of this is the "PIPE passthrough" bug, which afflicts e-mail servers, FTP servers, web servers, scripting languages, and the like. For example, many PERL programs allow the user to input a filename, and then pass the filename to the a program via a shell command. However, the shell may interpret characters differently than the PERL program. In particular, if the user puts a PIPE character (|) as part of the file name, the shell will instead attempt to execute the rest of the "filename" as a program. The attacking user simply creates an interesting program that allows them to break into the system. I am not very sure that I understand exactly the ramifications of this newsgroup "exploit" but I am going to investigate it further. Maybe lurker PERL expert Patrick Smith can shed some light on this? http://www.iss.net/security_center/a...?command=----- ----_ytonjax%7c_***_!!!_FREE_MARTHA_!!!_***________ _______ You can click on the above link to get the details on this possible vulnerability. Make sure you include all the final underscoring marks in your copy & paste of the above URL if you want to read the report. Mick |
Reply |
Thread Tools | Search this Thread |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Forum | |||
Free Website, Free Domain, Free Installation, Free Scripts | United Kingdom | |||
*** !!! FREE MARTHA !!! *** | Gardening | |||
*** !!! FREE MARTHA !!! *** |--------- nispuvo | Roses | |||
*** !!! FREE MARTHA !!! *** |--------- wedgib | Ponds | |||
*** !!! FREE MARTHA !!! *** |--------- ilultimy | Bonsai |