* Re: [gentoo-user] OT - Some miscellanous questions about hack attacks and dealing with them
From: Alan McKinnon @ 2007-02-22 17:33 UTC
To: gentoo-user

On Thursday 22 February 2007, Michael Sullivan wrote:
> Also, I've always heard that you shouldn't
> have any ports open on your machine unless you have some server bound
> to that port because hackers can get in through unbound open ports.
> Is this true? If so, how does it work?

That sounds like something out of Hollywood, perhaps that atrocious movie
called Hackers with Angelina Jolie in it.....

I fail to see how, in this universe, you can open a port and not have
something listen on it. Let's face it: a process, or the kernel itself,
asks to be informed about packets arriving for port X. What is port X?
It's a number in the TCP/UDP packet so the receiving kernel knows which
process to send the data to. If that process is not listening, the
packets go ... nowhere. They don't have magic Gandalfs inside them that
suddenly sprout up and do l33t h4x0r sh1t to your machine.

Maybe there's some default behaviour the kernel applies to packets that
are sent to hung/sleeping/absent processes. Maybe that default
behaviour is such that there's a buffer overflow waiting to be
exploited. Maybe... I think I wanna see the code and not some bullshit
posted on an arb blog somewhere.

You should be much more worried about vulnerabilities in known software
that you don't really use that are running by default.

By far the most common attack vector is weak user names and passwords
accessed via ssh. Solution is a sensible password policy, or allow ssh
access only via keys.

Then there's php, but I don't think you want to get me started on
that...

alan

--
Optimists say the glass is half full,
Pessimists say the glass is half empty,
Developers say wtf is the glass twice as big as it needs to be?
Alan McKinnon
alan at linuxholdings dot co dot za
+27 82, double three seven, one nine three five
--
gentoo-user@gentoo.org mailing list
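
Added example (not part of the message above or of the list archive): a port is only "open" while some socket is in the LISTEN state on it, and the Linux kernel's own socket table shows exactly which those are and whether they are reachable from outside loopback. The sample table is constructed in the format of /proc/net/tcp, the function names are illustrative, and a little-endian host is assumed.

```python
import os
import socket
import struct

# Constructed sample in the format of Linux /proc/net/tcp (not from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000   105        0 22222 1 0000000000000000 100 0 0 10 0
   2: 0A00000A:0016 0200000A:C350 01 00000000:00000000 02:000A1B2C 00000000     0        0 33333 4 0000000000000000 20 4 30 10 -1
   3: 00000000:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 44444 1 0000000000000000 100 0 0 10 0
"""

TCP_LISTEN = 0x0A  # kernel state code for a socket in LISTEN


def decode_endpoint(field):
    """Turn 'HEXADDR:HEXPORT' into (dotted_ip, port).

    The address is printed as a host-endian 32-bit value, so on a
    little-endian machine (assumed here) the bytes appear reversed.
    """
    addr_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return ip, int(port_hex, 16)


def listeners(table_text):
    """Return the LISTEN sockets in the table, sorted by port."""
    found = []
    for line in table_text.splitlines()[1:]:      # skip the header row
        cols = line.split()
        if len(cols) < 10 or int(cols[3], 16) != TCP_LISTEN:
            continue                              # not a listener: nothing to reach
        ip, port = decode_endpoint(cols[1])
        found.append({"ip": ip, "port": port, "uid": int(cols[7]),
                      "exposed": not ip.startswith("127.")})
    return sorted(found, key=lambda e: e["port"])


if __name__ == "__main__":
    # Use the live table when run on Linux, otherwise the constructed sample.
    path = "/proc/net/tcp"
    text = open(path).read() if os.path.exists(path) else SAMPLE
    for e in listeners(text):
        scope = "reachable from the network" if e["exposed"] else "loopback only"
        print(f'{e["ip"]}:{e["port"]} uid={e["uid"]} ({scope})')
```

IPv6 listeners live in /proc/net/tcp6, which uses a different address encoding and is not parsed here.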
2007-02-22 16:45 [gentoo-user] OT - Some miscellanous questions about hack attacks and dealing with them Michael Sullivan
2007-02-22 17:33 99% ` Alan McKinnon