Re: TCP port 5000 syn increasing

Valdis.Kletnieks_at_vt.edu
Date: 05/19/04

  • Next message: Bob: "Re: TCP port 5000 syn increasing"
    To: Andreas <andreas@conectiva.com.br>
    Date: Wed, 19 May 2004 14:20:00 -0400
    
    
    

    On Tue, 18 May 2004 18:56:14 -0300, Andreas <andreas@conectiva.com.br> said:
    > On Tue, May 18, 2004 at 05:30:43PM -0400, Valdis.Kletnieks@vt.edu wrote:
    > > I'm waiting for the first worm that tunnels over HTTP port 80, as a number
    > > of protocols already do, to get around firewalls that only pass 25 and 80. ;)
    >
    > It would have to be "de-tunneled" on the inside to do something useful. Either
    > the network is already compromised, or it exploits something on that specific
    > service.

    Leverage existing code.

    Windows 2003 already knows how to tunnel RPC over https.

    And quite frankly, any sentence that has "Windows" and "RPC" in it is all too
    close to "already compromised"......

    
    



  • Next message: Bob: "Re: TCP port 5000 syn increasing"