Re: Netscreen 5XT SSH Traffic
From: Ben Blakely (bab_at_iastate.edu)
Date: 03/19/05
- Previous message: Michael Peppard: "Re: Netscreen 5XT SSH Traffic"
- In reply to: Michael Peppard: "Re: Netscreen 5XT SSH Traffic"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 19 Mar 2005 11:32:58 -0600 To: incidents@securityfocus.org
Hello List,
Thank you all for your input! I am taking all of your comments into
consideration. Additionally, Juniper has become aware of this issue and
I am working with them to investigate the issue to the fullest extent
possible. Once it is resolved, I will post the findings here.
/ben Blakely
Michael Peppard wrote:
> Dante Mercurio wrote:
>
>> I can't tell from your email what indications you currently have
>> thatthis came through the firewall and was not spoofed from the
>> inside in some manner. I've always found the Netscreen to be a pretty
>> secure device and this would be a serious flaw. Are there any other
>> methods onto the network such as dial-in, VPN, or vendor connections?
>> Attacks can originate from any of these without a flaw in the
>> firewall software.
>>
>> M. Dante Mercurio, CISSP, CWNA, Security+, SCSP
>
>
>
> Or much more likely, he has a compromised server. SSH traffic in a
> restricted area is the single biggest give-a-way that you've been
> compromised.
>
> -Mike
- Previous message: Michael Peppard: "Re: Netscreen 5XT SSH Traffic"
- In reply to: Michael Peppard: "Re: Netscreen 5XT SSH Traffic"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
