Gentoo Archives: gentoo-user

From: Alan McKinnon <alan@××××××××××××××××.za>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] OT - Some miscellanous questions about hack attacks and dealing with them
Date: Thu, 22 Feb 2007 17:43:24
In Reply to: [gentoo-user] OT - Some miscellanous questions about hack attacks and dealing with them by Michael Sullivan
On Thursday 22 February 2007, Michael Sullivan wrote:

> Also, I've always heard that you shouldn't
> have any ports open on your machine unless you have some server bound
> to that port because hackers can get in through unbound open ports.
> Is this true?  If so, how does it work?

That sounds like something out of Hollywood, perhaps that atrocious movie
called Hackers with Angelina Jolie in it.....

I fail to see how, in this universe, you can open a port and not have
something listen on it. Let's face it: a process, or the kernel itself,
asks to be informed about packets arriving for port X. What is port X?
It's a number in the TCP/UDP packet so the receiving kernel knows which
process to send the data to. If that process is not listening, the
packets go ... nowhere. They don't have magic Gandalfs inside them that
suddenly sprout up and do l33t h4x0r sh1t to your machine.

Maybe there's some default behaviour the kernel applies to packets that
are sent to hung/sleeping/absent processes. Maybe that default
behaviour is such that there's a buffer overflow waiting to be
exploited. Maybe... I think I wanna see the code and not some bullshit
posted on an arb blog somewhere.

You should be much more worried about vulnerabilities in known software
that you don't really use that are running by default.

By far the most common attack vector is weak user names and passwords
accessed via ssh. Solution is a sensible password policy, or allow ssh
access only via keys.

Then there's php, but I don't think you want to get me started on
that...

alan

--
Optimists say the glass is half full,
Pessimists say the glass is half empty,
Developers say wtf is the glass twice as big as it needs to be?

Alan McKinnon
alan at linuxholdings dot co dot za
+27 82, double three seven, one nine three five
--
gentoo-user@g.o mailing list
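The listener audit implied by the reply above (a port is only "open" when some process has asked the kernel for it, and default-on services you don't use are the real risk), as an added example that is not part of the original thread. It reads /proc/net/tcp directly rather than running ss, assumes x86 little-endian encoding of the hex address column, and runs on a constructed sample; the function names and the expected-port set are my own.

```python
"""Audit which TCP ports on a Linux box actually have a listener.

Added example for this archived thread, not the original poster's code.
/proc/net/tcp prints each socket's local address:port in hex plus a state
column; 0A means LISTEN, i.e. a process asked the kernel for that port.
Assumes x86 byte order (little-endian) for the hex address column.
"""
import socket
import struct

LISTEN = "0A"  # TCP_LISTEN as printed in the st column of /proc/net/tcp

# Constructed sample: sshd on all interfaces, mysqld on loopback only, an
# httpd nobody remembers enabling, and one established ssh session (01).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12346 1 0000000000000000 100 0 0 10 0
   2: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12347 1 0000000000000000 100 0 0 10 0
   3: 0F02000A:0016 0102000A:C3A4 01 00000000:00000000 00:00000000 00000000     0        0 12348 1 0000000000000000 20 4 30 10 -1
"""

def parse_proc_net_tcp(text):
    """Return (ip, port, inode) for every socket in LISTEN state."""
    listeners = []
    for line in text.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 10:
            continue
        local, state, inode = fields[1], fields[3], fields[9]
        if state != LISTEN:
            continue
        hex_ip, hex_port = local.split(":")
        ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
        listeners.append((ip, int(hex_port, 16), int(inode)))
    return listeners

def unexpected_listeners(listeners, expected_ports):
    """Network-reachable listeners not in expected_ports: default-on
    services to review. Loopback-only sockets are skipped."""
    return [(ip, port) for ip, port, _ in listeners
            if ip != "127.0.0.1" and port not in expected_ports]

if __name__ == "__main__":
    with open("/proc/net/tcp") as f:
        live = parse_proc_net_tcp(f.read())
    for ip, port in unexpected_listeners(live, {22}):
        print(f"review listener on {ip}:{port}")
```

Mapping an inode back to its PID is what `ss -ltnp` does by walking /proc/<pid>/fd; that step is left out so the parser runs offline on the sample.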