[PLUG] Running firewall and services on one box?

Bill Spears bspears at easystreet.com
Wed May 1 21:01:29 UTC 2002


On Wednesday 01 May 2002 11:43 am, you wrote:
> What he says is true.
>
> This, however, is my ideal situation.
>
> The firewall box has zero remote access. No ssh, telnet, rsh, or any other
> service running on it. It's simply a smart router that inspects packets (at
> least on the way in) and either passes or rejects them. Fewer services
> means fewer chances for a vulnerability to be found and exploited.
>
> The firewall forwards requests for services to the appropriate box. Port
> 80/443 goes to the webserver, etc. If these services are running on the
> firewall, then if a vulnerability is found, and exploited, other ports may
> then be able to be opened, and the hacker gains access to the box. If you
> have a separate machine doing the firewall, then this particular method is
> much more difficult, nearing impossibility. Take for instance if there's a
> possibility to hack apache and get it to drop to a shell. 

So how does this work?  Say I'm offering httpd over 80, I can see how they
can crash apache, but how do they get it to run ssh, telnet or whatever to
offer a shell across a network?
