by unethical_ban 803 days ago
>Later, when I realized that inbound traffic was bypassing the firewall, I notified UC Berkeley’s Information Security Office of the potential security vulnerability, but their response was somewhat lacking in urgency. So we’ll see.

If I were on their infosec team I wouldn't ignore it, but also, infosec and network are often different silos. If network was already notified, infosec can't do much but complain.

And, it seems the network was somewhat secure anyway. Any inbound scan or malicious traffic would get dropped going outbound, since there was no session on the outbound firewall.

2 comments

> Any inbound scan or malicious traffic would get dropped going outbound

There are lots of types of maliciousness that would not be affected by this.

True. I was thinking exfil and communication. Of course fuzzing/DoS is doable.

I mean, you can have a full session via DNS chat this way pretty easily.

Except maybe for UDP traffic a la Tailscale.