Full Disclosure mailing list archives

Re: Re: CORE-2003-0403: Axis Network Camera HTTP Authentication Bypass

From: Shawn McMahon <smcmahon () eiv com>
Date: Wed, 4 Jun 2003 12:34:43 -0400

On Mon, Jun 02, 2003 at 03:36:52PM -0500, Brent J. Nordquist said:


LOL, oops.  Someone pointed out to me a while back that RFC 2606 reserves 
"example.com" "example.org" and "example.net" for this kind of purpose.


Even barring such considerations as DNS poisoning, wags at ICANN setting
up SMTP servers, etc., it still doesn't strike me as optimal to have
thousands of machines attempting constant SMTP connections to
192.0.34.166 just because an RFC mentioned it was possible.


-- 
Shawn McMahon     | Let every nation know, whether it wishes us well or ill,
EIV Consulting    | that we shall pay any price, bear any burden, meet any
UNIX and Linux    | hardship, support any friend, oppose any foe, to assure
http://www.eiv.com| the survival and the success of liberty. - JFK

Attachment: _bin
Description:

Current thread:

Re: Re: CORE-2003-0403: Axis Network Camera HTTP Authentication Bypass Shawn McMahon (Jun 02)
- <Possible follow-ups>
- Re: Re: CORE-2003-0403: Axis Network Camera HTTP Authentication Bypass Brent J. Nordquist (Jun 02)
  - example.{com,org,net} Brian Hatch (Jun 02)
  - Re: Re: CORE-2003-0403: Axis Network Camera HTTP Authentication Bypass Shawn McMahon (Jun 04)