On Thursday, 8 January 2004 at 16:57, Thomas T. Veldhouse wrote to me:

> Oliver Schad wrote:
> > Not really. And why should a network scan be dangerous? Security by
> > obscurity doesn't work. You can scan a well configured host all day
> > long, who cares?
>
> True, but if you do happen to have an exploitable service (i.e. the brk
> issue with the linux kernel and rsync recently), a script kiddie might
> grow tired of waiting for scan results from your network and go
> elsewhere. Certainly slowing down potential hackers buys time and
> frustration for the attacker if nothing else. The assumption that all
> potential attackers are experts is not a good one.

The brk issue is a local problem; it has nothing to do with networking.
The security hole in rsync is/was still there even if you deny requests to
closed ports.

And I don't believe that any script kid sits crying in front of his
computer and runs to his mom ("The f****** admin blocks all my attacks,
wuaaaaaaaaaaahhhhhh!") because you have blocked all connections to closed
ports.

If I were searching for vulnerable rsync servers, I would start the ultimate
hacker tool in the evening and, after sweet dreams in the night, I would
look for my victims the next morning with a nice-tasting cup of tea in my
hand. And I swear, I wouldn't start to cry because you blocked some of my
requests.

It doesn't increase your security and it breaks internet standards. And it
is not true that it slows down network scans in any way worth mentioning. It
makes no sense to block requests to closed ports.

Regards
Oli

--
gentoo-security@g.o mailing list