[2547] in WWW Security List Archive
Re[2]: IPX or Banyon
daemon@ATHENA.MIT.EDU (Mark_W_Loveless@smtp.bnr.com)
Tue Jul 30 02:24:44 1996
From: Mark_W_Loveless@smtp.bnr.com
Date: Mon, 29 Jul 96 23:01:36 CST
To: ann@qni.com, Mike Muuss <mike@arl.mil>
Cc: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
I know of a couple of things that "psuedo" apply. First is Netware's
HTTP Server. Out of the box a sample script could look at any file on
the sys: volume -
http://target.com/scripts/convert.bas?../../any/file/on/sys
Any IP-based service could potentially be vulnerable to
denial-of-service attacks. Also if the server has XCONSOLE running,
any attachment to the server using this utility involves a plaintext
password.
Any CLIENT that allows IP connectivity and still allows Netware
connectivity could bridge the gap between IP and IPX, a Windows NT or
OS/2 workstation configured to receive a telnet client that ends up at
a command line could potentially attack a Netware server.
There is a document at ftp://ftp.fastlane.net/pub/nomad/nw/faq.zip
that has more info on Netware in general.
Sorry this is so far off topic but I at least worked in that Novell
HTTP server, oh and you can DOWNLOAD hacking files with a web browser
so I guess that counts as on topic :-)
Mark_W_Loveless@smtp.bnr.com
Opinions are my own, not my employer
______________________________ Reply Separator _________________________________
Subject: Re: IPX or Banyon
Author: Mike Muuss <mike@arl.mil> at internet
Date: 7/25/96 6:05 PM
Ann wrote -
> IPX systems are not vulnerable to IP attacks
Maybe, maybe not. But IPX systems are _highly_ vulnerable to IPX attacks.
Best,
-Mike
