The rule with fleas is: for every one you see there are at least 10 more. Besides, if you can get out to ports like this to perform a scan, what is to stop you from exploiting the ports you find? No, this feels too much like a complete bypass of a firewall.

--
Allen Brown
http://brown.armoredpenguin.com/~abrown

> It might not be much by itself but it would be helpful if you were
> gathering information for a more targeted attack. I don't have the
> code; I just know that he was working on it and he shared the results
> when he got it finished. It took him about a day to do.
>
> On Wed, Jul 9, 2008 at 4:22 PM, Jimmy Hendrix
> <[EMAIL PROTECTED]> wrote:
>> I would love to see the code to do that. Although it is worth noting
>> that an internal port scan isn't worth much since you would need to
>> crack the perimeter firewall or take full control of the machine
>> through some other method before the info is worth anything.
>> Otherwise you would know what ports are open, but the firewall would
>> stop you from exploiting them.
>>
>> Jimmy
>>
>> On Wed, Jul 9, 2008 at 3:57 PM, M. Bitner <[EMAIL PROTECTED]> wrote:
>>>
>>> I started religiously running NoScript in Firefox after a colleague of
>>> mine figured out how to write a port scanner in Javascript. So if you
>>> went to his page with Javascript enabled he would be able to have you
>>> run a scan of your internal network, as your user, with your
>>> permissions, regardless of firewall settings. So my answer would be
>>> that even if Javascript has gotten safer it doesn't mean that people
>>> haven't figured out clever things to do with it that you wouldn't want
>>> to happen.
>>>
>>> On Wed, Jul 9, 2008 at 3:53 PM, Allen Brown <[EMAIL PROTECTED]> wrote:
>>> > I am moderately paranoid about allowing web sites to run javascript
>>> > in my browser. (I use NoScript in Firefox.) Basically I only
>>> > enable it if I know the owner of the site or trust them because
>>> > of who they are. Examples: personal friends or banks.
>>> >
>>> > Am I being unnecessarily paranoid? Has Javascript gotten good
>>> > enough that I can let my guard down? How do you all handle this?
>>> > --
>>> > Allen Brown abrown at peak.org
>>> > http://brown.armoredpenguin.com/~abrown/
>>> > Criticism may not be agreeable, but it is necessary. It fulfils
>>> > the same function as pain in the human body. It calls attention
>>> > to an unhealthy state of things. --- Sir Winston Churchill
>>> > _______________________________________________
>>> > EUGLUG mailing list
>>> > [email protected]
>>> > http://www.euglug.org/mailman/listinfo/euglug
