Does nobody on the list know what SSH port forwarding is? I am running the first two commands from a remote machine (connecting to the sipxecs machine) in separate terminals to forward my local 25 port to the sipxecs box, and the 25 port on the sipxecs box locally. The third command is run locally on the remote machine. This exploit gives the remote machine access to port 25 on the SipXecs box even if all other ports are blocked. This could be used for any port that is blocked by firewall, IDS, etc., if the remote machine has ssh access to the sipxecs box.
~Noah

On Nov 16, 2012, at 1:34 PM, Gerald Drouillard <gerryl...@drouillard.ca> wrote:

> On 11/16/2012 12:45 PM, Noah Mehl wrote:
>> Tony,
>>
>> I just figured out an exploit in 15 minutes with the help of Google http://www.semicomplete.com/articles/ssh-security/:
>>
>> $ sudo ssh -vN -L25:localhost:25 PlcmSpIp@sipxecsip
>> $ sudo ssh -vN -R25:localhost:25 PlcmSpIp@sipxecsip
>> $ telnet localhost 25
>
> Of course you can telnet to port 25 (smtp) on the server to localhost. You have sendmail running on local host. If your sendmail is configured properly you will not be able to access port 25 for another machine or the real ip address of the server.
>
> --
> Regards
> --------------------------------------
> Gerald Drouillard
> Technology Architect
> Drouillard & Associates, Inc.
> http://www.Drouillard.biz
> _______________________________________________
> sipx-users mailing list
> sipx-users@list.sipfoundry.org
> List Archive: http://list.sipfoundry.org/archive/sipx-users/
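Whether the `-L` and `-R` forwards shown in this thread are accepted is decided on the server by sshd's `AllowTcpForwarding` setting for the connecting account. The audit sketch below is an added example, not part of the original messages or of sipXecs; the sample configs are constructed, and it assumes whitespace-separated keywords and evaluates only `Match User` and `Match all` blocks.

```python
import fnmatch

# Constructed sample configs (not taken from the thread or from sipXecs).
DEFAULT_CONFIG = "PasswordAuthentication yes\n"
HARDENED_CONFIG = """\
PasswordAuthentication yes
Match User PlcmSpIp
    AllowTcpForwarding no
"""

def user_matches(patterns, user):
    """Evaluate an sshd pattern list: comma-separated, '!' negates, * and ? wildcards."""
    hit = False
    for pat in patterns.split(","):
        negated = pat.startswith("!")
        if fnmatch.fnmatchcase(user, pat.lstrip("!")):
            if negated:
                return False  # a negated match rejects the whole list
            hit = True
    return hit

def forwarding_for(config_text, user):
    """Return which forwarding directions sshd would allow `user`.

    Simplified model (assumption): only 'Match User <list>' and 'Match all'
    are evaluated; blocks with other criteria are treated as not matching.
    """
    global_val = match_val = None
    in_match = applies = False
    for raw in config_text.splitlines():
        words = raw.strip().split()
        if not words or words[0].startswith("#"):
            continue
        key = words[0].lower()
        if key == "match":
            in_match = True
            crit = words[1].lower() if len(words) > 1 else ""
            applies = (crit == "all" and len(words) == 2) or (
                crit == "user" and len(words) == 3 and user_matches(words[2], user))
        elif key == "allowtcpforwarding" and len(words) > 1:
            value = words[1].lower()
            if not in_match:
                global_val = global_val or value   # first value obtained wins
            elif applies:
                match_val = match_val or value     # Match block overrides global
    value = match_val or global_val or "yes"       # sshd's default is "yes"
    return {"local": value in ("yes", "all", "local"),     # ssh -L
            "remote": value in ("yes", "all", "remote")}   # ssh -R
```

As the sshd_config manual notes, disabling forwarding only helps when the account is also denied shell access, since a shell user can run their own forwarder.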