[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sheflug] Re: BNC Network Question
Hmm,
So how would this work then? I would have thought that, if a javascript was
used I should have been able to see it in the html source. Does such a
script actually pose a potential threat - presumably if one can be run which
shows the contents of my hard drive on screen, something similar could also
wipe the drive clean???
Best wishes,
Ian
--
Ian W. Wright
Sheffield, UK
----- Original Message -----
From: "Brian Teeman" <xxxxx [at] uklinux.net>
To: <shef-lug [at] list.sheflug.org.uk>
Sent: Tuesday, April 30, 2002 10:52 AM
Subject: Re: [Sheflug] Re: BNC Network Question
> On Tue, 30 Apr 2002, Ian W. Wright wrote:
>
> > HI,
> >
> > I'm a bit sceptical about this scanner software. I use it regularly to
check
> > that my machine is supposedly secure and it always says I've got good
> > security and the machine services either aren't visible or report that
they
> > are 'closed'. However, a web site I chanced on the other day (can't
remember
> > which unfortunately) had an advert for some firewalling software which
> > presented me with a picture of my 'C' drive showing all the folders and
> > files!!
>
> Are you sure that it wasn't a javascript that was being run locally on
> your machine that was reading the contents of your
> C drive. This is quite easy to write and would give the impression that
> the remote computer was reading the contents of your drive.
>
> Brian
>
>
> > I'd love to know how it did it but, even though I looked at the page
source
> > at the time, it didn't give me any clues. The point is, of course, if
they
> > could see that far through my firewall which Shields Up and Portscan
said is
> > secure.......
> >
> > Best wishes,
> > Ian
> > --
> >
> > Ian W. Wright
> > Sheffield, UK
> > ----- Original Message -----
> > From: "Craig Andrews" <craig [at] fishbot.org.uk>
> > To: <shef-lug [at] list.sheflug.org.uk>
> > Sent: Tuesday, April 30, 2002 9:15 AM
> > Subject: Re: [Sheflug] Re: BNC Network Question
> >
> >
> > > On Tuesday 30 April 2002 01:39, you exclaimed:
> > > > No. You can still run samba on the same IP set thing (subnet), in
fact
> > it
> > > > would be a lot of unnecessary work to set it up on a different
subnet as
> > > > you'd have to start giving the machines 2 IP addresses.
> > > >
> > > > All you need is to make sure the router (the box that connects to
the
> > > > internet) isn't part of the MS network, ie. it doesn't run the samba
> > > > software.
> > >
> > > You can get Samba to run on the same machine with a little care. For
> > > instance, you can configure it to only use one interface, so you can
tell
> > it
> > > to totally ignore the dialup interface.
> > >
> > > Also, make sure that all requests on ports 137, 138 and 139 are DENIED
or
> > > REJECTED from the dialup interface, and you should be set. Get a
friend
> > with
> > > a port scanner to check your machine, or use the shields up tool on
> > > www.grc.com to test if Samba is accessible from the outside world.
> > >
> > > HTH
> > >
> > > Craig
> > > ___________________________________________________________________
> > >
> > > Sheffield Linux User's Group -
> > > http://www.sheflug.co.uk/mailfaq.html
> > >
> > > GNU the choice of a complete generation.
> > >
> >
> > ___________________________________________________________________
> >
> > Sheffield Linux User's Group -
> > http://www.sheflug.co.uk/mailfaq.html
> >
> > GNU the choice of a complete generation.
> >
>
> ___________________________________________________________________
>
> Sheffield Linux User's Group -
> http://www.sheflug.co.uk/mailfaq.html
>
> GNU the choice of a complete generation.
>
___________________________________________________________________
Sheffield Linux User's Group -
http://www.sheflug.co.uk/mailfaq.html
GNU the choice of a complete generation.