public inbox for gentoo-user@lists.gentoo.org
 help / color / mirror / Atom feed
Search results ordered by [date|relevance]  view[summary|nested|Atom feed]
thread overview below | download: 
* Re: [gentoo-user] OT - Some miscellanous questions about hack attacks and dealing with them
  @ 2007-02-22 17:33 99% ` Alan McKinnon
  0 siblings, 0 replies; 1+ results
From: Alan McKinnon @ 2007-02-22 17:33 UTC (permalink / raw
  To: gentoo-user

On Thursday 22 February 2007, Michael Sullivan wrote:

>  Also, I've always heard that you shouldn't
> have any ports open on your machine unless you have some server bound
> to that port because hackers can get in through unbound open ports.
>  Is this true?  If so, how does it work?

That sounds like something out of Hollywod, perhaps that atrocious movie 
called Hackers with Angelina Jolie in it.....

I fail to see how, in this universe, you can open a port and not have 
something listen on it. Let's face it: a process, or the kernel itself, 
asks to be informed about packets arriving for port X. What is port X? 
It's a number in the TCP/UDP packet so the receiving kernel knows which 
process to send the data to. If that process is not listening, the 
packets go ... nowhere. They don't have magic Gandalfs inside them that 
suddenly sprout up and do l33t h4x0r sh1t to your machine.

Maybe there's some default behaviour the kernel applies to packets that 
are sent to hung/sleeping/absent processes. Maybe that default 
behaviour is such that there's a buffer overflow waiting to be 
exploited. Maybe... I think I wanna see the code and not some bullshit 
posted on an arb blog somewhere.

You should be much more worried about vulnerabilities  in known software 
that you don't really use that are running by default.

By far the most common attack vector is weak user names and passwords 
accessed via ssh. Solution is a sensbile password policy, or allow ssh 
access only via keys.

Then there's php, but I don't think you want to get me started on 
that...

alan

-- 
Optimists say the glass is half full,
Pessimists say the glass is half empty,
Developers say wtf is the glass twice as big as it needs to be?

Alan McKinnon
alan at linuxholdings dot co dot za
+27 82, double three seven, one nine three five
--
gentoo-user@gentoo.org mailing list



^ permalink raw reply	[relevance 99%]

Results 1-1 of 1 | reverse | options above
-- pct% links below jump to the message on this page, permalinks otherwise --
2007-02-22 16:45     [gentoo-user] OT - Some miscellanous questions about hack attacks and dealing with them Michael Sullivan
2007-02-22 17:33 99% ` Alan McKinnon

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox