On Tuesday 21 Jan 2003 18:32 pm, Dave Watts wrote:
There's no need to allow outbound connections via IE or any other browser
on your production servers.
Correct, but if you go through the process of removing IE (is it possable on
Win2K any more ?), I suspect MS will no longer support your
: Goodbye cruel world
On Tuesday 21 Jan 2003 16:53 pm, Robertson-Ravo, Neil (RX) wrote:
I use BlackICE with no complaints...its really secure.
Software firewalls, on Windows, are pointless:
http://tooleaky.zensoft.com/
(exec. summ. : any process on Windows can script IE, and IE you will have
allowed
On Wednesday 22 Jan 2003 09:26 am, Robertson-Ravo, Neil (RX) wrote:
only blocking incoming unless specified otherwose and in the time
So you're not secure then ? Anything on your machine (email bourne malware for
instance) can make a connect back and steal all your data, and you'd never
know ?
simply delete or detect malicious ones
anyway
I have several open ports open but 99% of them are either closed or not
listening.
N
-Original Message-
From: Thomas Chiverton [mailto:[EMAIL PROTECTED]]
Sent: 22 January 2003 09:40
To: CF-Talk
Subject: Re: Goodbye cruel world
Quoting Thomas Chiverton [EMAIL PROTECTED]:
Correct, but if you go through the process of removing IE (is it possable on
Win2K any more ?), I suspect MS will no longer support your server.
I find that an interesting argument because I hear it all the time, yet I hear
from very few people that
Quoting Robertson-Ravo, Neil (RX) [EMAIL PROTECTED]:
but I still fail to see how a machine with a Sofware Firewall which
blocks all inbound traffic unless user allowed is insecure...
Simple. I sent you a virus with some malware, you double click and the malware
connects to me and I start
Correct, but if you go through the process of removing
IE (is it possable on Win2K any more ?), I suspect MS
will no longer support your server.
I wouldn't know about that - I wouldn't attempt to remove it, myself. I just
try to avoid having it usable from a production server console.
As
then the Firewall is
doing its job - its up the common sense and ability of the Email program to
capture maliscious emails.
N
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: 22 January 2003 10:11
To: CF-Talk
Subject: RE: Goodbye cruel world
Quoting Robertson-Ravo
This is nonsense. Apart from the fact BlackICE does not
monitor outbound traffic - only blocking incoming unless
specified otherwose and in the time I have used it I
have had 100% security from it - which has been tested
by several 'how safe is your machine' tools.
Unfortunately, it
I can see EVERY ip/traffic coming in if I dont like it, I lock it down
but the firewall does that automatically anyhowit auto-blocks by default
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: 22 January 2003 10:11
To: CF-Talk
Subject: RE: Goodbye cruel
so, all in all the argument is pretty moot, as if Email
malware is the only way to get into a Software Firewall
protected machine then the Firewall is doing its job -
its up the common sense and ability of the Email program
to capture maliscious emails.
Unfortunately, email malware isn't
one unfiltered URL data in a CFML page can exploit the machine?
-Original Message-
From: Dave Watts [mailto:[EMAIL PROTECTED]]
Sent: 22 January 2003 10:23
To: CF-Talk
Subject: RE: Goodbye cruel world
This is nonsense. Apart from the fact BlackICE does not
monitor outbound traffic
I can see EVERY ip/traffic coming in if I dont like
it, I lock it down but the firewall does that automatically
anyhowit auto-blocks by default
How do you differentiate between good and bad traffic?
For example, if you run a web server, you open port 80, and it's open to the
world,
Quoting Robertson-Ravo, Neil (RX) [EMAIL PROTECTED]:
Erm, if I was stupid enough to double-click an attachment without [a] virus
checking it (which my apps do anyway) then I know its time to pack up and
move on..
Would an IRC client be caught by a virusscanner?
Jochem
The only traffic I allow into the machine is from other machines on the
network on the 192.168.0.X range. My Port 80 is open but it has been bound
to 127.0.0.1.
N
-Original Message-
From: Dave Watts [mailto:[EMAIL PROTECTED]]
Sent: 22 January 2003 10:31
To: CF-Talk
Subject: RE: Goodbye
I do not see how one unfiltered URL data in a CFML
page can exploit the machine?
There are plenty of people who'd be happy to demonstrate it to you, I'm
sure. Google SQL injection and read all about SQL injection attacks, if
you're interested. The end goal of a typical SQL injection attack is
Yes, both of the apps running have found mIRC clients on the machine before
I invested in a Firewall! :-)
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: 22 January 2003 10:25
To: CF-Talk
Subject: RE: Goodbye cruel world
Quoting Robertson-Ravo, Neil (RX
What id your IIS is in the 'LockDown' state?
-Original Message-
From: Dave Watts [mailto:[EMAIL PROTECTED]]
Sent: 22 January 2003 10:35
To: CF-Talk
Subject: RE: Goodbye cruel world
I do not see how one unfiltered URL data in a CFML
page can exploit the machine?
There are plenty
What if your IIS is in the 'LockDown' state?
If you run the IIS Lockdown tool, it allows you to disable various pieces of
IIS functionality to avoid any vulnerabilities in those pieces. That's a
good thing, because these IIS pieces are typically chock-full of buffer
overflows and other problems,
The only traffic I allow into the machine is from
other machines on the network on the 192.168.0.X range.
My Port 80 is open but it has been bound to 127.0.0.1.
My point is simply that if you allow any inbound traffic from other
machines, those machines can potentially compromise your
Quoting Robertson-Ravo, Neil (RX) [EMAIL PROTECTED]:
I fail to see how it can be exploited?My AV software will capture the
bad things, my firewall will block ALL types of traffic coming into my
machine by default. All uncessary ports have been disbled from listening
and the only ones I
.
-Original Message-
From: Dave Watts [mailto:[EMAIL PROTECTED]]
Sent: 22 January 2003 10:44
To: CF-Talk
Subject: RE: Goodbye cruel world
What if your IIS is in the 'LockDown' state?
If you run the IIS Lockdown tool, it allows you to disable various pieces of
IIS functionality to avoid
Quoting Robertson-Ravo, Neil (RX) [EMAIL PROTECTED]:
Yes, both of the apps running have found mIRC clients on the machine before
I invested in a Firewall! :-)
I am not talking about some standard IRC client, but about those custom made to
run as a trojan, or worse, those designed to replace
that my machine is at present
100% secure.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: 22 January 2003 10:40
To: CF-Talk
Subject: RE: Goodbye cruel world
Quoting Robertson-Ravo, Neil (RX) [EMAIL PROTECTED]:
I fail to see how it can be exploited?My AV
I do hear what you are saying, but if you take all the
necessary precautions such as patches and security stuff
then you have nothing to worry about.
No, if you take the server offline, then you have nothing to worry about. In
the meantime, worrying about security is part of the constant
Yep, of course but I will keep an eye on updates for stuff etc, but I can
take a step back as far as a current compromise is concerned.
-Original Message-
From: Dave Watts [mailto:[EMAIL PROTECTED]]
Sent: 22 January 2003 10:54
To: CF-Talk
Subject: RE: Goodbye cruel world
I do hear what
Your are all talking about past stuff - which has already
been documented as being insecure and as a result is the
first thing you fix on a new machine.
So, I take it that you've completed your audit of the Windows and IIS source
code, and you've found no other vulnerabilities. That's good
cannot execute xp_cmdshell.
Thanks for all the advice and heads up though.It good to see that people
are aware.
-Original Message-
From: Dave Watts [mailto:[EMAIL PROTECTED]]
Sent: 22 January 2003 11:00
To: CF-Talk
Subject: RE: Goodbye cruel world
Your are all talking about past
how a machine with a Sofware Firewall
which blocks all inbound traffic unless user allowed is insecure...
You have to approve evey response to every HTTP request you make to a web site
? Doesn't that annoy you ?
--
Tom C
Error Message Box #2:
Windows cannot print to \\network\printer
, January 22, 2003 5:57 AM
Subject: RE: Goodbye cruel world
Yep, I trailed through the 12 Billion lines of code :-) LOL
Yep, I have disabled full unrestricted all access to the System SP's at
present by logins who are not members of the local administrator's group
for
the MSSQLServer service
At 02:11 PM 1/20/2003 -0500, you wrote:
I forgot about that.
I did have several problems when using norton securities, then I switched to
zone alarm (which was a mistake) then finally found that sygates personal
firewall worked the best. Defiantly leave the virus protection on though.
5000 files
At 05:53 PM 1/20/2003 -0500, you wrote:
I'm using a cable service. I'm getting Norton anti-virus put on here.
I don't know if I'll have to reinitialize my computer yet but will
figure it out I guess :)
Bad thread there Mike. Hope it is not a worm or a trojan as you suspect. If
you do have
out and now is trying to reconnect. This is way too frustrating.
-Original Message-
From: Dave Lyons [mailto:[EMAIL PROTECTED]]
Sent: Saturday, January 18, 2003 10:57 PM
To: CF-Talk
Subject: Re: Goodbye cruel world
u done with that alcohol downers then?
my girl is driving me nuts!
can i
I use BlackICE with no complaints...its really secure.
-Original Message-
From: Matt Brown [mailto:[EMAIL PROTECTED]]
Sent: 21 January 2003 16:30
To: CF-Talk
Subject: Re: Goodbye cruel world
At 02:11 PM 1/20/2003 -0500, you wrote:
I forgot about that.
I did have several problems when
On Tuesday 21 Jan 2003 16:53 pm, Robertson-Ravo, Neil (RX) wrote:
I use BlackICE with no complaints...its really secure.
Software firewalls, on Windows, are pointless:
http://tooleaky.zensoft.com/
(exec. summ. : any process on Windows can script IE, and IE you will have
allowed outbound, so any
ColdFusion Developer
-Network / Web Server Administrator
Vivid Media
[EMAIL PROTECTED]
www.vividmedia.com
608.270.9770
-Original Message-
From: Thomas Chiverton [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 21, 2003 11:06 AM
To: CF-Talk
Subject: Re: Goodbye cruel world
Software firewalls, on Windows, are pointless:
http://tooleaky.zensoft.com/
(exec. summ. : any process on Windows can script IE,
and IE you will have allowed outbound, so any process
has outbound access, without fear of filtering)
There's no need to allow outbound connections via IE or any
Dave Watts wrote:
There's no need to allow outbound connections via IE or any other browser on
your production servers.
There is no reason to allow any browser to *be* on a production server
(wish I could convince MS of that).
Jochem
Here here...
| -Original Message-
| From: Jochem van Dieten [mailto:[EMAIL PROTECTED]]
| Sent: Tuesday, January 21, 2003 10:59 AM
| To: CF-Talk
| Subject: Re: Goodbye cruel world
|
|
| Dave Watts wrote:
|
| There's no need to allow outbound connections via IE or any other
Suggest a simple solution that I use. WS-FTP
Upload what you need to the main site.
-Original Message-
From: Mike Miessen [mailto:[EMAIL PROTECTED]]
Sent: 19 January 2003 04:06
To: CF-Talk
Subject: RE: Goodbye cruel world
Well there it goes again. It is waiting for the server
Subject: RE: Goodbye cruel world
Suggest a simple solution that I use. WS-FTP
Upload what you need to the main site.
-Original Message-
From: Mike Miessen [mailto:[EMAIL PROTECTED]]
Sent: 19 January 2003 04:06
To: CF-Talk
Subject: RE: Goodbye cruel world
Well there it goes again
is fine
-Original Message-
From: Mike Miessen [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 20, 2003 7:28 AM
To: CF-Talk
Subject: RE: Goodbye cruel world
Things kept getting worse and even started having trouble with WS_FTP
etc...
I restored my system to an earlier date (I run XP
Synchronization altogether. I seem to be still
fighting it.
-Original Message-
From: Mike Miessen [mailto:[EMAIL PROTECTED]]
Sent: Saturday, January 18, 2003 11:52 PM
To: CF-Talk
Subject: RE: Goodbye cruel world
Well not yet. I am still trying to synchronize the site. I don't want
- Original Message -
From: Mike Miessen [EMAIL PROTECTED]
To: CF-Talk [EMAIL PROTECTED]
Sent: Monday, January 20, 2003 7:27 AM
Subject: RE: Goodbye cruel world
Things kept getting worse and even started having trouble with WS_FTP
etc...
I restored my system to an earlier date (I run XP
damn dude, lol!
always more to the story...
do u use DSL? if you do you might wanna check with the provider and make
sure they don't have blocks on.
If I was you I defiantly would debug, fdisk, the whole 9 yards and
re-install from the ground up. I do this every few months just to get all
the crap
Mike,
It has happened to me a couple of times, each because I had disabled
Anti-Virus for an install and forgotten to re-enable. I got some really
nasty ones.
Sorry for the pain. While you should probably start with a clean install (I
formatted all of my hard-drives each time) you hopefully
: Goodbye cruel world
damn dude, lol!
always more to the story...
do u use DSL? if you do you might wanna check with the provider and make
sure they don't have blocks on.
If I was you I defiantly would debug, fdisk, the whole 9 yards and
re-install from the ground up. I do this every few months
you try using a different FTP
package. The ones already mentioned and CUTE FTP
would be good tests.
-Original Message-
From: Dave Lyons [mailto:[EMAIL PROTECTED]]
Sent: Sunday, January 19, 2003 12:19 AM
To: CF-Talk
Subject: Re: Goodbye cruel world
I have no idea what to tell you
are you
are you talking about connecting to your local sites folder, the db
connection or ftp??
- Original Message -
From: Mike Miessen [EMAIL PROTECTED]
To: CF-Talk [EMAIL PROTECTED]
Sent: Saturday, January 18, 2003 9:05 PM
Subject: Goodbye cruel world
I got DWMX and set it up on my computer
Did you install the DWMX 6.1 update?
- Original Message -
From: Mike Miessen [EMAIL PROTECTED]
To: CF-Talk [EMAIL PROTECTED]
Sent: Saturday, January 18, 2003 9:05 PM
Subject: Goodbye cruel world
I got DWMX and set it up on my computer and started
building my site.
I
No could you pass the link ?
-Original Message-
From: Samuel Neff [mailto:[EMAIL PROTECTED]]
Sent: Saturday, January 18, 2003 10:24 PM
To: CF-Talk
Subject: RE: Goodbye cruel world
Did you install the DWMX 6.1 update?
- Original Message -
From: Mike Miessen [EMAIL PROTECTED
, 2003 10:38 PM
To: CF-Talk
Subject: RE: Goodbye cruel world
No could you pass the link ?
-Original Message-
From: Samuel Neff [mailto:[EMAIL PROTECTED]]
Sent: Saturday, January 18, 2003 10:24 PM
To: CF-Talk
Subject: RE: Goodbye cruel world
Did you install the DWMX 6.1 update
u done with that alcohol downers then?
my girl is driving me nuts!
can i have them;)
- Original Message -
From: Mike Miessen [EMAIL PROTECTED]
To: CF-Talk [EMAIL PROTECTED]
Sent: Saturday, January 18, 2003 10:53 PM
Subject: RE: Goodbye cruel world
Neva mind I found the link. Well I
.
-Original Message-
From: Dave Lyons [mailto:[EMAIL PROTECTED]]
Sent: Saturday, January 18, 2003 10:57 PM
To: CF-Talk
Subject: Re: Goodbye cruel world
u done with that alcohol downers then?
my girl is driving me nuts!
can i have them;)
- Original Message -
From: Mike Miessen
turn off passive ftp
i have this problem to but strangely only with my cfm site and not my asp
sites
- Original Message -
From: Mike Miessen [EMAIL PROTECTED]
To: CF-Talk [EMAIL PROTECTED]
Sent: Saturday, January 18, 2003 11:05 PM
Subject: RE: Goodbye cruel world
Well there it goes
Well there it goes again. It is waiting for the server and I have not
synchronized yet. Oops lost my connection. Well this is what it has
been like for a week now.
I have to say that I am trying to do it again and have reconnected. I
am currently staying connected longer than I have for the
any reason you cant use a reg ftp, like flashfxp or something?
- Original Message -
From: Mike Miessen [EMAIL PROTECTED]
To: CF-Talk [EMAIL PROTECTED]
Sent: Saturday, January 18, 2003 11:24 PM
Subject: RE: Goodbye cruel world
Well there it goes again. It is waiting for the server
To: CF-Talk
Subject: Re: Goodbye cruel world
any reason you cant use a reg ftp, like flashfxp or something?
- Original Message -
From: Mike Miessen [EMAIL PROTECTED]
To: CF-Talk [EMAIL PROTECTED]
Sent: Saturday, January 18, 2003 11:24 PM
Subject: RE: Goodbye cruel world
Well
actually i have never tried the one in dreamweaver
did you try and disable passive ftp yet?
- Original Message -
From: Mike Miessen [EMAIL PROTECTED]
To: CF-Talk [EMAIL PROTECTED]
Sent: Saturday, January 18, 2003 11:35 PM
Subject: RE: Goodbye cruel world
No reason other than I like DW
it is on.
-Original Message-
From: Dave Lyons [mailto:[EMAIL PROTECTED]]
Sent: Saturday, January 18, 2003 11:39 PM
To: CF-Talk
Subject: Re: Goodbye cruel world
actually i have never tried the one in dreamweaver
did you try and disable passive ftp yet?
- Original Message -
From: Mike Miessen [EMAIL
it is on.
-Original Message-
From: Dave Lyons [mailto:[EMAIL PROTECTED]]
Sent: Saturday, January 18, 2003 11:39 PM
To: CF-Talk
Subject: Re: Goodbye cruel world
actually i have never tried the one in dreamweaver
did you try and disable passive ftp yet?
- Original Message -
From: Mike
-
From: Mike Miessen [EMAIL PROTECTED]
To: CF-Talk [EMAIL PROTECTED]
Sent: Sunday, January 19, 2003 12:14 AM
Subject: RE: Goodbye cruel world
Passive FTP is off. It is still having problems and I finally lost
connection on my Synchronization altogether. I seem to be still
fighting
62 matches
Mail list logo