Full Disclosure mailing list archives
Re: HTTP AUTH BASIC monowall.
From: Michael Holstein <michael.holstein () csuohio edu>
Date: Wed, 15 Mar 2006 12:39:06 -0500
As suspected... so I am correct; and it is a security threat. I can compromise a network, arp poison it, MiTM, access the firewall, distributed metastasis, presto... owned...
If you're at a point where you have access to the broadcast medium shared by the firewall -- why would you even need to setup a MitM attach against it -- you're already in.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: HTTP AUTH BASIC monowall., (continued)
- Re: HTTP AUTH BASIC monowall. Simon Smith (Mar 16)
- Re: HTTP AUTH BASIC monowall. Jeremy Bishop (Mar 16)
- Re: HTTP AUTH BASIC monowall. Simon Smith (Mar 16)
- Re: HTTP AUTH BASIC monowall. Nick FitzGerald (Mar 16)
- Re: HTTP AUTH BASIC monowall. Felix Lindner (Mar 17)
- Re: HTTP AUTH BASIC monowall. Brian Eaton (Mar 17)
- Re: HTTP AUTH BASIC monowall. Simon Smith (Mar 17)
- Re: HTTP AUTH BASIC monowall. Jason (Mar 17)
- Re: HTTP AUTH BASIC monowall. Mark Coleman (Mar 16)
- Re: HTTP AUTH BASIC monowall. Simon Smith (Mar 16)
- Re: HTTP AUTH BASIC monowall. Michael Holstein (Mar 15)
- Re: HTTP AUTH BASIC monowall. Tim (Mar 15)
- Re: HTTP AUTH BASIC monowall. Simon Smith (Mar 15)
- Re: HTTP AUTH BASIC monowall. Michael Holstein (Mar 15)
- Re: HTTP AUTH BASIC monowall. Simon Smith (Mar 15)
- Re: HTTP AUTH BASIC monowall. Nick FitzGerald (Mar 15)
- Re: HTTP AUTH BASIC monowall. Simon Smith (Mar 15)
- Re: HTTP AUTH BASIC monowall. bkfsec (Mar 15)
- Re: HTTP AUTH BASIC monowall. Simon Smith (Mar 15)
- Re: HTTP AUTH BASIC monowall. Tim (Mar 15)
- Re: HTTP AUTH BASIC monowall. Simon Smith (Mar 15)