From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 6ECDF138DBE for ; Sat, 18 Jul 2015 17:43:48 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 3BCE014021; Sat, 18 Jul 2015 17:43:41 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 36D6114016 for ; Sat, 18 Jul 2015 17:43:40 +0000 (UTC) Received: from localhost (sloan0.ut.mephi.ru [85.143.112.33]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: bircoph) by smtp.gentoo.org (Postfix) with ESMTPSA id B6B98340D1B for ; Sat, 18 Jul 2015 17:43:38 +0000 (UTC) Date: Sat, 18 Jul 2015 20:43:32 +0300 From: Andrew Savchenko To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] Re: In the fear of getting hacked (WLAN setup) Message-Id: <20150718204332.192ed2fe1112e11ede65ffcb@gentoo.org> In-Reply-To: References: <20150718033453.GA4270@solfire> X-Mailer: Sylpheed 3.4.3 (GTK+ 2.24.25; i686-pc-linux-gnu) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org Mime-Version: 1.0 Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg="PGP-SHA512"; boundary="Signature=_Sat__18_Jul_2015_20_43_33_+0300_8wyhndwdOvDHwiEG" X-Archives-Salt: 5ee8b68f-0577-4da3-a844-4a531ca995f6 X-Archives-Hash: c6702b4caa9db45cae93b420b25b7554 --Signature=_Sat__18_Jul_2015_20_43_33_+0300_8wyhndwdOvDHwiEG Content-Type: text/plain; charset=US-ASCII Content-Disposition: inline Content-Transfer-Encoding: quoted-printable H, On Sat, 18 Jul 2015 06:47:21 +0300 Nikos Chantziaras wrote: > > The problem I (possibly needless) see is: While I am tinkering and > > testing the configuration I may setup an open Wifi access point > > without noticing it in first glance and > > BANG! get hacked ... in the worst case: unrecognized... > > > > What is the "best practice" here? > > Is there a certain independant configuration, which I can set, > > which prevents this scenario? > > > > Thank you very much in advance for any help! > > Best regards, > > Meino > > > > PS: If one knows the ASUS Memo Pad 7 ME176CX and knows a > > way to locally connect this tablet to the internet...this > > would be a way to go also. I would appreciate any hint in > > this case (Using Lollipop 5.0). >=20 > If you don't have any daemons running that provide network services=20 > (have opened listen ports), you can't get hacked. This is usually a=20 > problem for Windows, which by default has a gazillion of services=20 > running (NetBIOS, printer/media/filesystem/everything sharing,=20 > messaging, remote desktop, etc.) >=20 > On Gentoo, if *you* didn't set up a service, then nothing is listening=20 > on the network. Yes and no. If user enabled network interface and has no network daemons running, kernel still listens to that interface (ARP, icmp and so on) and may be hacked using vulnerabilities in network stack, protocol handlers or even network device drivers. By default Gentoo has no interfaces enabled, but usually they are set up during initial install. And users may be unaware that even without any network applications they may be vulnerable with enabled interfaces. Proper configuration of kernel, especially iproute2 and iptables can minimize such risks, of course. Best regards, Andrew Savchenko --Signature=_Sat__18_Jul_2015_20_43_33_+0300_8wyhndwdOvDHwiEG Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCgAGBQJVqpBFAAoJEPZTWjO6HuSN60YP/1JsigjiGnLe8XGESEH4hdi/ GNUKf4tvDh0/pJZTCXLqdzLCWCJCCyUNdfsOEWS1yADFqsOHWlC0UlZXqzIR5+5d to2kzMaOQCmbvstxWpX4gWiNpV8G2EI+ZlYl8lgDJ4hpTxP8ve57b9L3ycksl6W0 PzJi82Dvtres3KBXoTI/yanXfgDCnmd96MYoeerVH7xNvBAtgu2KJAIB3NZM72JB m9YYvJMIfax1kwk5VzuCrTpNaK203JxbyXG+e+TbEEOTGI4Q2SZvamjs3cTpXF7r KoYnlcUneZs5r/YNI97XWYHIiNX85QcMIC7IxVbIU5+W4iiLaUxZajzuFcn/nm60 I1Kg++KbiS2UmZm+Awavv7OO0/GCg5J32sqZQz2VChCX92HkEmY563EjayoYLh4P PFepa6/Owj/p4KJCChaDv1tBIAIjFy+iDK+BThimBRvLTdDwB+D0/ljnTY0ur5PN LFRtgPPW3CPQslgtf++KdsN49eLIRiTPnXlVjuUsyxIFrjZyjt5sqnvaewm4LMkK jxqxcLKbCpHgNA7FUJU9tX5QMUuYyFEmLYu0LFqm7QCiOlLc7CG1vhJ2s6HwPsyP 1VIHM4UrQDyajkv80Z+gNAKshnZEzizGKPIGfIMF6bpyv5dln3nrZeprvjXh1i9w ZpL4nPqgjONy7cl9wUN/ =2fRz -----END PGP SIGNATURE----- --Signature=_Sat__18_Jul_2015_20_43_33_+0300_8wyhndwdOvDHwiEG--