Hi all, is there any resource (book, web, articles etc.) with an overview of risks associated with particular protocols? The goal is to give assessment statements for firewall policies quickly and explain shortly why which port is critical under certain boundary conditions and why others are of low risk.
E.g. like this:

syslog: spoofing, denial of service..., low risk of manipulation because protocol is simple.
telnet: clear text password eavesdropping, authentication due to weak pwd's...
ntp: authentication, manipulating of systime for... perhaps kerberos attacks etc
ftp: unauthorized file access, many vulnerabilities of ftp servers in the past, active ftp, clear text pwd...
http: tunneling other ports
tcp 135-137, 445 <long list of risks> ;-)
ssh: reverse tunneling...

and so on and so on...

regards
Erik

