tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Possible virus uploaded to Tomcat 5.5.3
Date Sat, 09 Aug 2008 02:52:25 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Peter,

Peter Crowther wrote:
| That's a nice little JSP - once it's on the system, the attacker can
| do anything they like that's allowed by the outbound firewall, with
| the privilege of the user running Tomcat.

Yeah, pretty much.

This is one of the reasons that I set up my software firewalls to
restrict /outgoing/ traffic from production systems just as much as
restricting incoming traffic. If I don't need outgoing HTTP, FTP, IRC,
or any of those other oft-used attack vectors from within a
semi-compromised box, then I disable traffic over those ports. Better
yet, disable everything and explicitly enable anything you actually need.

- -chris

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkidBmkACgkQ9CaO5/Lv0PCUrQCghanJGlD4doOFAL8S9U5AQBUj
rZsAn0lgxlKrubcZFUuL0x81gF5TdaX9
=PGdI
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message