[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] Security breach
Can anyone advise on how to stop people from somehow using http to bypass the security policy and connecting to other ports? I get references in my firewall1 log like this: "accept" "http" "attacker" "srvr (valid Address)" "tcp" "13" "50776" "accept" "http" "attacker" "srvr (Valid Address)" "tcp" "13" "50933" "accept" "http" "attacker" "srvr (Valid Address)" "tcp" "13" "50935" Rule 13 only allows http. How are they doing this? Any idea? the web server that was scanned has entries like this: /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir /c+dir 404 3 604 66 80 - (this may be part of sadmind?) although im unsure if the web server furnished the request, the "404" would seem to indicate not. Any help would be appreciated Rick __________________________________________________ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|