Let me start by stating that I am NOT a security expert.
That said, for a hacker to *break into a system* that is not running any
deamons, he would have to find a SERIOUS flaw in a client program or the OS.
Incoming packets are pulled from the network device by the kernel, which
will either handle them itself, or pass them to a "port".
If they are packets that are to be handled by the kernel, like icmp packets,
it is concievable that one could screw with the kernel. ICMP redirect
packets come to mind. Also, if a client program could be subverted, It could
be used as a method for gaining control of a system.
Now these are NOT easy tasks, but they are conceivable.
In addition to this, you are STILL vulnerable to Denial-of-Service (DoS)
attacks, in which the goal is to cripple your machine, or slow it down.
There are 2 types of these DoS attacks:
Flooding you: These attacks are easier if you have a deamon that will
cooperate, like the echo server. The attacker sends packets to the echo server,
which processes them, and returns results to the attacker. Removing the echo
servers means that there is less processing on your part. The kernel still has
to pull the packets from the network card, and do some processing, but the
additional processing of the echo server is gone. It would take significantly
more traffic from the attacker to cause as much of a slow-down if you have the
server removed. Packet-filtering should (I think) make it even harder still.
Crashing you: there was a flaw in one of the 2.2.x kernels (2.2.7?) where
someone could send a packet with some obscure flag-bit set, causing the kernel
to puke. There was a great article about it in Linux Journal a couple months
back. Removng deamons wont do any good here.
Hope this helps,
Bryan
On 16-Dec-1999 Evan Moore wrote:
> If a person has a box connected to a network, but there are no daemons
> such as telnetd, ftpd etc etc is it still possible for that box to be
> hacked into?
>
