| 1 |
Am Donnerstag, 8. Januar 2004 16:57 schrieb mir Thomas T. Veldhouse: |
| 2 |
> Oliver Schad wrote: |
| 3 |
> > Not really. And why should a network scan be dangerous? Security by |
| 4 |
> > obscurity doesn't work. You can scan a well configured host all day |
| 5 |
> > long, who cares? |
| 6 |
> |
| 7 |
> True, but if you do happen to have an exploitable service (i.e. the brk |
| 8 |
> issue with the linux kernel and rsync recently), a script kiddie might |
| 9 |
> grow tired of waiting for scan results from your network and go |
| 10 |
> elsewhere. Certainly slowing down potential hackers buys time and |
| 11 |
> frustration for the attacker if nothing else. The assumption that all |
| 12 |
> potential attackers are experts is not a good one. |
| 13 |
|
| 14 |
The brk issue is a local problem, it has nothing to do with networking. |
| 15 |
The security hole in rsync is/was still there if you deny requests to |
| 16 |
closed ports. |
| 17 |
|
| 18 |
And I don't believe that any script kid sits crying in front of his |
| 19 |
computer and runs to his mom "The f****** admin blocks all my attacks, |
| 20 |
wuaaaaaaaaaaahhhhhh!" because you have blocked all connections to closed |
| 21 |
ports. |
| 22 |
|
| 23 |
If I would search for vulnerable rsync server, I would start the ultimate |
| 24 |
hacker tool in the evening and after sweet dreams in the night I would |
| 25 |
look for my victims with a well tasting cup of tea in my hand in the next |
| 26 |
morning. And I swear, I wouldn't start to cry, because you did block any |
| 27 |
of my requests. |
| 28 |
|
| 29 |
It don't increase your security and it breaks internet standards. And is |
| 30 |
it not true, that it slow down network scans in a worthy of mention. It |
| 31 |
makes no sense to block requests to closed ports. |
| 32 |
|
| 33 |
mfg |
| 34 |
Oli |
| 35 |
|
| 36 |
-- |
| 37 |
gentoo-security@g.o mailing list |
Archives