Soldato
Of course firewalls are present but a firewall by itself is just one layer of protection... The firewalls can be bypassed with various forms of tunnelling - or if the security breach is vast enough, by just modifying the firewall rules.brocksta said:i take it firewalls were non existant whenever he did it??? surely they must have some way of blocking external IP's.
Im not saying he didnt do it, but it just seems too easy.
In this case (and assuming he isn't lying about the extent of his hacking activities) I suspect he used an e-mail vulnerability from the days when Outlook Express (and, well, computer software in general) was a lump of swiss cheese. The exploit then 'dropped' a SSH tunneling client to tunnel back to a server of his choice. He then connects using SSH via that relay to the exploited system. Then progress continues from that point on... e.g. installing a VNC client as he did, scanning other computers on the network(s) for weak passwords and vulnerabilities using his Perl script (or any of the common readily available tools such as Nessus).