Firewall Wizards mailing list archives
BO2k : was (Re: how to block ICMP tunneling?)
From: Jason Brvenik <jbrvenik () teksystems com>
Date: Tue, 20 Jul 1999 10:04:41 -0400
Jason - UnLurking

begin snip
BO2k is, to me, a demonstration of where firewalls stop being useful. The attacker gets his back door onto your network, converting a trusted machine into his base of operations. You now have a problem that an 'insider' can start doing nasty stuff inside your firewall.
end snip

BO2k does nothing that can't already be done. If you have proper security in place and have taken the time to educate your users, actually getting BO2k onto a target's machine becomes harder than the end objective.

There are numerous _remote_ administration tools and _trojans_ that have been in existence for some time. SubSeven is one that just recently got named and will likely show up in virus scanners soon, but has a lot of the features (capabilities) of BO2k and was around when BO2k was just a rumor. There are currently ~30 trojan apps with similar features available on the net.

Worry more about local security and trust relationships than the potential threat of an intrusion by an employee. You should be focusing on the rule, not the exception, and by doing so you will greatly reduce the threat of the exception.