Re: Netscreen 5XT SSH Traffic
From: Michael Peppard (mpeppard_at_impole.com)
Date: 03/18/05
- Previous message: Dante Mercurio: "RE: Netscreen 5XT SSH Traffic"
- Maybe in reply to: Ben Blakely: "Netscreen 5XT SSH Traffic"
- Next in thread: Ben Blakely: "Re: Netscreen 5XT SSH Traffic"
- Reply: Ben Blakely: "Re: Netscreen 5XT SSH Traffic"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 18 Mar 2005 17:39:53 -0500 To: incidents@securityfocus.org
Dante Mercurio wrote:
> I can't tell from your email what indications you currently have
> thatthis came through the firewall and was not spoofed from the inside
> in some manner. I've always found the Netscreen to be a pretty secure
> device and this would be a serious flaw. Are there any other methods
> onto the network such as dial-in, VPN, or vendor connections? Attacks
> can originate from any of these without a flaw in the firewall software.
>
> M. Dante Mercurio, CISSP, CWNA, Security+, SCSP
Or much more likely, he has a compromised server. SSH traffic in a
restricted area is the single biggest give-a-way that you've been
compromised.
-Mike
- Previous message: Dante Mercurio: "RE: Netscreen 5XT SSH Traffic"
- Maybe in reply to: Ben Blakely: "Netscreen 5XT SSH Traffic"
- Next in thread: Ben Blakely: "Re: Netscreen 5XT SSH Traffic"
- Reply: Ben Blakely: "Re: Netscreen 5XT SSH Traffic"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
