| 1 |
On Thursday 22 February 2007, Michael Sullivan wrote: |
| 2 |
|
| 3 |
> Also, I've always heard that you shouldn't |
| 4 |
> have any ports open on your machine unless you have some server bound |
| 5 |
> to that port because hackers can get in through unbound open ports. |
| 6 |
> Is this true? If so, how does it work? |
| 7 |
|
| 8 |
That sounds like something out of Hollywod, perhaps that atrocious movie |
| 9 |
called Hackers with Angelina Jolie in it..... |
| 10 |
|
| 11 |
I fail to see how, in this universe, you can open a port and not have |
| 12 |
something listen on it. Let's face it: a process, or the kernel itself, |
| 13 |
asks to be informed about packets arriving for port X. What is port X? |
| 14 |
It's a number in the TCP/UDP packet so the receiving kernel knows which |
| 15 |
process to send the data to. If that process is not listening, the |
| 16 |
packets go ... nowhere. They don't have magic Gandalfs inside them that |
| 17 |
suddenly sprout up and do l33t h4x0r sh1t to your machine. |
| 18 |
|
| 19 |
Maybe there's some default behaviour the kernel applies to packets that |
| 20 |
are sent to hung/sleeping/absent processes. Maybe that default |
| 21 |
behaviour is such that there's a buffer overflow waiting to be |
| 22 |
exploited. Maybe... I think I wanna see the code and not some bullshit |
| 23 |
posted on an arb blog somewhere. |
| 24 |
|
| 25 |
You should be much more worried about vulnerabilities in known software |
| 26 |
that you don't really use that are running by default. |
| 27 |
|
| 28 |
By far the most common attack vector is weak user names and passwords |
| 29 |
accessed via ssh. Solution is a sensbile password policy, or allow ssh |
| 30 |
access only via keys. |
| 31 |
|
| 32 |
Then there's php, but I don't think you want to get me started on |
| 33 |
that... |
| 34 |
|
| 35 |
alan |
| 36 |
|
| 37 |
-- |
| 38 |
Optimists say the glass is half full, |
| 39 |
Pessimists say the glass is half empty, |
| 40 |
Developers say wtf is the glass twice as big as it needs to be? |
| 41 |
|
| 42 |
Alan McKinnon |
| 43 |
alan at linuxholdings dot co dot za |
| 44 |
+27 82, double three seven, one nine three five |
| 45 |
-- |
| 46 |
gentoo-user@g.o mailing list |
Archives