Re: [fw-wiz] Jboss in a DMZ?

From: R. DuFresne (dufresne_at_sysinfo.com)
Date: 10/06/03

  • Next message: Marcus J. Ranum: "Re: [fw-wiz] Personal Firewall Day?"
    To: Adam Shostack <adam@homeport.org>
    Date: Mon, 6 Oct 2003 14:42:12 -0400 (EDT)
    
    

    bugtraq'ed today:

    ================================
    Illegalaccess.org Security Alert
    ================================

    Date : 10/04/2003
    Application : JBoss, java server for running J2EE enterprise
                  applications
    Version : 3.2.1
    Website : http://www.jboss.org
    Problems : Denial-Of-Service,
                  Log Manipulation,
                  Manipulation of Process variables,
                  Arbitrary Command Injection

    Might take a lot of lockdown work!

    Thanks,

    Ron DuFresne

    On Tue, 30 Sep 2003, Adam Shostack wrote:

    > I'm looking to deploy jboss in a security sensitive (dmz-like)
    > situation. Jboss wants to listen on a lot of ports, and my attempts
    > to firewall it (using ipfilter) aren't going well.
    >
    > Has anyone done this? Are you willing to share the firewalling rules
    > you used? Allowing all localhost->localhost didn't work. Will jboss
    > respect tcp wrappers? Is there a way to specify listen on localhost
    > only in the attributes?
    >
    > Naively throwing localhost:8083 in here (service.xml) didn't work:
    >
    >
    > <mbean code="org.jboss.web.WebService"
    > name="jboss:service=Webserver">
    > <attribute name="Port">8083</attribute>
    >
    >
    > Adam
    >
    >

    -- 
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
            admin & senior security consultant:  sysinfo.com
                            http://sysinfo.com
    "Cutting the space budget really restores my faith in humanity.  It
    eliminates dreams, goals, and ideals and lets us get straight to the
    business of hate, debauchery, and self-annihilation."
                    -- Johnny Hart
    testing, only testing, and damn good at it too!
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
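
Whether a listen-on-localhost setting like the one asked about in the quoted message took effect can be checked from the socket table instead of the config file. The following is an added example, not part of the original thread: it parses `netstat -an` output (BSD and Linux column layouts are assumed) and reports TCP listeners that are not bound to loopback. The sample lines, and every port other than 8083, are constructed.

```python
import ipaddress
import re

# Constructed sample of `netstat -an` lines: BSD layout (addr.port) and
# Linux layout (addr:port). Only port 8083 comes from the thread.
SAMPLE_NETSTAT = """\
tcp4       0      0  *.8083                 *.*                    LISTEN
tcp4       0      0  127.0.0.1.1099         *.*                    LISTEN
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN
tcp6       0      0 ::1:4444                :::*                    LISTEN
tcp        0      0 192.0.2.10:22           198.51.100.7:51234      ESTABLISHED
"""

# Local address column: everything up to the last '.' or ':' is the host,
# the trailing digits are the port. Greedy match keeps "127.0.0.1" and "::1" whole.
_LOCAL = re.compile(r"^(?P<host>.*)[.:](?P<port>\d+)$")


def is_loopback(host):
    """True only for literal loopback addresses; wildcards such as '*' are not."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def exposed_listeners(netstat_text, allowed_ports=frozenset()):
    """Return (host, port) for TCP LISTEN sockets reachable off-box.

    allowed_ports holds ports that are intentionally exposed and
    should not be reported.
    """
    exposed = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp") or fields[-1] != "LISTEN":
            continue
        match = _LOCAL.match(fields[3])
        if not match:
            continue
        host, port = match.group("host"), int(match.group("port"))
        if not is_loopback(host) and port not in allowed_ports:
            exposed.append((host, port))
    return sorted(exposed, key=lambda hp: hp[1])


if __name__ == "__main__":
    for host, port in exposed_listeners(SAMPLE_NETSTAT):
        print(f"non-loopback listener: {host} port {port}")
```

Running it before and after a bind-address change shows which listeners still need a firewall rule; anything it reports is bound to a wildcard or external address.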
    
