Greetings!
Brian Steele schrieb:
> Hmm.. Can someone give an example of how a "compromise" that opens the
> internal network to the attacker could work, if the proxy server is passing
> only HTTP traffic on port 80 between the internal server and the Internet
> client?
With the right buffer-overflow you can transfer and execute arbitrary code to
and on the attacked webserver. For example the Microsoft IIS comes (by default)
with some sample-scripts that do have such known exploits.
You do not always need a Telnet connection to be able to run exploits... ;-)
Bye
Volker
--
Volker Tanger <[EMAIL PROTECTED]>
Wrangelstr. 100, 10997 Berlin, Germany
DiSCON GmbH - Internet Solutions
http://www.discon.de/
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
