[Twisted-Python] Security issue in SOCKS and Webcoil
Itamar Shtull-Trauring
twisted at itamarst.org
Mon Feb 25 05:29:57 EST 2002
Both of these when setup using mktap or coil listen on all interfaces.
So running a mktap generated SOCKS on a firewall means anyone can access
your internal network, and running coil means anyone can setup a telnet
python shell or SOCKS proxy remotely.
So, changes we need to make:
SOCKS tap should allow configurin interfaces it will run on.
COIL should allow configuring which interfaces a server can run on, not
jusy which ports.
More information about the Twisted-Python
mailing list