0

I am bit of a newbie to Flash exploits but I have heard that they use sockets to connect to a C&C server. According to the administration guide, I can disable sockets like this:

DisableSockets = 1

This option enables or disables the use of the Socket.connect() and XMLSocket.connect() methods. I want to know what could be issues around it?

The issues that I am looking for, specifically, are if I harden by disabling sockets, will our existing SWFs work or not?

schroeder
  • 123,438
  • 55
  • 284
  • 319
ankit dangi
  • 29
  • 3
  • Could you clarify what you are asking here? What do you mean with "issues around it"? Are you afraid that you will break some functionality? Or do you want to protect against some exploit? Or something else? I do not understand the question. – Anders Dec 28 '16 at 15:37

1 Answers1

0

No issues with disabling sockets. You can always whitelist socket connections 

EnableSocketsTo = [ host name, IP address ]

if you have any whitelisted application using socket.connect. nothing breaks that way...

Shailendra Bhardwaj
  • 100
  • 4