Penetration Testing mailing list archives
Re: Internal Servers (noob post)
From: Remo Cornali <remo.cornali () alice it>
Date: Fri, 05 Jun 2009 11:02:20 +0200
R. DuFresne ha scritto:
A few years ago, the network of one of Italy's biggest publishers of newspapers and bookssomething solid on the actualy threat from internal users and admins?
went titsup. The Code Red worm had infected all internal IIS web servers.The network was behind an adeguate firewall. How could the worm have penetrated the firewall?
A simple answer: it did not.A consultant had brought his laptop with him and had connected it to the net.
His laptop had been infected with the Code Red worm, and so the firewall had simply been bypassed.Since then, policies have been updated, and you cannot connect to the network, if your
MAC address is not known to the admins. Ciao! Remo ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review BoardProve to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Re: Internal Servers (noob post) misconceptions persist;, (continued)
- Re: Internal Servers (noob post) misconceptions persist; R. DuFresne (Jun 26)
- Re: Internal Servers (noob post) Terry M (Jun 03)
- Re: Internal Servers (noob post) Muhammad Farooq-i-Azam (Jun 03)
- RE: Internal Servers (noob post) Gorgon Beast (Jun 03)
- RE: Internal Servers (noob post) R. DuFresne (Jun 04)
- Re: Internal Servers (noob post) Don Miesle (Jun 04)
- Re: Internal Servers (noob post) R. DuFresne (Jun 12)
- Re: Internal Servers (noob post) Jeffrey Walton (Jun 04)
- Re: Internal Servers (noob post) Wim Remes (Jun 04)
- Re: Internal Servers (noob post) R. DuFresne (Jun 12)
- RE: Internal Servers (noob post) R. DuFresne (Jun 04)
- Re: Internal Servers (noob post) Remo Cornali (Jun 08)
- Re: Internal Servers (noob post) Sanjay Badala (Jun 08)