[petsc-users] petsc externalpackage directory
Satish Balay
balay at mcs.anl.gov
Tue Feb 2 23:37:44 CST 2016
On Tue, 2 Feb 2016, Barry Smith wrote:
> >>
> >> I think Satish has it backwards; can can ssh and scp INTO the machine from outside,
> >
> > Yeah - thats what I tried to say. Bad choice of words [should have said 'secure net' aka 'firewalled network' or the remote-machine-with-firewall]
> >
> >> thus manually copy in tarballs and other sources of infection but you cannot ssh, scp, curl, wget or anything OUT of the machine to GET infected tarballs. Of course the end result is still that you have infected tarballs on your machine but now the sys admin can say it is your fault and not his or hers.
> >
> > I think the primary concern here is open network paths that can be exploited by other means [not the stuff 'users' copy over]
> > And even in case of 'infected' tarballs - one usual thingy that such 'inections' do is - get more (damaging/latest) stuff to run using wget (or equivalent)..
> > Without the 'network path' such things get blocked..
>
> Yes that is the (poor) logic of these "firewalls".
Something I missed saying is - usually if these infections are successful - they just copy lots of data [passwd files, ssh key files or other important data] over
to the haker servers.
The folks that setup and run these stuff might offer better explanations than what I can..
Satish
More information about the petsc-users
mailing list