[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] fpipe - interesting security experiment
- Subject: Re: [cobalt-security] fpipe - interesting security experiment
- From: "Kevin D" <kdlists@xxxxxxxxxxxxxxx>
- Date: Fri, 15 Jun 2001 08:50:24 -0400
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
> Not according to the text on the webpage. fpipe allows you to specify the
> *source* port of connections, and the destination port, if you point
packets
> at whichever host it's running on and at the port it's listening on
( -s, -r
> and -l respectively ).
Ohhhh, I get it... that makes more sense... I suppose then that this tool
would be more useful for getting out from behind a firewall with restrictive
access rules.
> It doesn't allow you to connect to that port on the *remote* server you're
> trying to connect to, and then somehow jump to a different port. ( if it
> did, your comment of "scary" is lacking the necessary 100 exclamation
marks
> )
Now see that's what I was thinking!
> EITHER the IP address you're connecting from is allowed to connect through
> the firewall to the admin server anyway, so all fpipe is doing is sending
> those packets from a low source port.
As it turns out, the admin at the other end altered the config so he could
access the user admin from home... its a good thing I found it!
Thanks,
Kevin