brent timothy saner on 30 Aug 2008 17:46:07 -0700


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Question about Remote Desktop through a NAT


Brian Vagnoni wrote:
> Ok everyone here is your chance. For the next 24 hours I Brian Vagnoni
> hereby authorize the PLUG(Philadelphia Linux Users Group) list members
> subscribed prior to the time stamp contained in this e-mail to pen-test the
> system located at wireless.v-system.net. It contains the exact situation
> described by me in my thread scenario only easier(no Linux computer to get
> through to once you defeat the router). The device in question contains a
> USB network attached storage unit that contains nothing I wouldn't miss. You
> are welcome to leave me a message in the root folder stating hello. 
> 
> I think I'm being more than generous here with regard to the time as my
> scenario would only open ports for like 15 minutes. 
> 
> There are no computers on this network. Just a router and a network attached
> storage unit.
> 
> I will e-mail people directly via pgp to prove that this is me. 
> 
> I just put this site up so you may need to refresh your dns cache.
> 
> I will expect people to play honorably. 
> 
> Good Luck & Good Hunting
> 
> I owe whomever gets through several beers. :-) I'll also volunteer at some
> OSS event of the groups choosing.
> 


obviously you're being cocky trying to prove a point.

first off, bad idea.

secondly, it's not root i'm worried about. there are n+1 ways to
compromise security without gaining root access. here's an example-

the router gets bruted, or a flaw in the firmware is discovered. they
can access to the router. they can make that router point upstream to a
sniffer they have, and there you have a compromise- personal data stolen.

or they flash it with, say, openwrt. they know have control over a linux
box acting as your router, which is limitless in the havoc they cause.

lastly, we aren't discussing your setup, are we? we're discussing the
OP's father's. once more, irrelevant and not helpful.

lastly, "I will expect people to play honorably"? That's not how it's
done IRL. there are no gentleman rules.
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug