> Realistic? Chances are exactly 100%. Looking at my Linux firewall I see
> tons of scans on all kinds of ports every day so chances are they will
> scan your system in less than a day if not in a few hours or minutes.

I'm not saying you won't get scanned. The point is that very, very few
hackers are likely to know (or want to know) about emcrsh. It is all
very well having access to a port but it doesn't do you any good if you
can't do anything with it. Additionally emcrsh uses quite a high port
number. Most firewalls detect port scans and after the first few they
simply report all ports are closed.

> As a systems administrator I would not approve of anybody telnetting from
> the outside to a system on the network I'm responsible for. We already
> have too many problems, let's not add another one when it can easily be
> avoided.

Remember the emcrsh isn't a normal shell. It is simply a text-based
front end for emc that can communicate over a network. Telnet is just a
client that can talk over a network. If you really want you can send
emails by telnetting directly to an email MTA such as exim. Does that
mean all MTAs are dangerous security risks?

> One would only need to inject a special string that would execute like a
> shell during a session.

How? The only possibility I can think of is some clever buffer overrun
exploit. Emcrsh does actually have a buffer overrun problem but all it
will do is cause a segfault and shut emcrsh down. I have attached a
patch that fixes the problem.

> It could simply sniff for the password, create a
> user account and prepare for a long hideout. Don't forget man-in-the-
> middle attack where payload is spiced with "special code." Tools are
> already there.

This assumes the hacker is in a position to intercept packets. Just
having an open port doesn't automatically give a hacker access to the
data going through it. How can you create a user account? emcrsh does
not have a function to do this.

> What was the common perception, never mind the government, of
> probability for global recession last summer when the oil prices reached
> $147 per barrel? 0.

Actually it was pretty much a foregone conclusion. The economy goes up
steadily, sharply peaks then crashes. The cycle then repeats. The bigger
the peak, the harder the crash. This has gone on pretty much since the
invention of money. Only short-sighted and greedy bankers and
speculators don't seem to realize this.

> No need to advertise. Traffic is simply monitored for the type of protocols,
> applications, etc. in use on servers. Bad guys keep databases of "systems
> of interest" and when a vulnerability is discovered they know which
> systems can be turned into zombies right away.

But emcrsh is a very rarely used application. How many emcrsh sessions
are active at the moment behind firewalls/routers that have port 5007
open? You can probably count them on one hand. Very few hackers are
going to spend time trying to find ways of subverting it when they know
it is only run on a tiny handful of computers.

> Only paranoid systems administrators can sleep well at night because
> they protect systems from the beginning.

And if you are sensible you will make sure your firewall does not have
port 5007 open. This solves the problem. If you really do need to allow
external connections then there are plenty of secure options already
available.

Les

Index: emcrsh.cc
===================================================================
RCS file: /cvs/emc2/src/emc/usr_intf/emcrsh.cc,v
retrieving revision 1.13
diff -u -p -r1.13 emcrsh.cc
--- emcrsh.cc 23 Dec 2008 15:48:23 -0000 1.13
+++ emcrsh.cc 11 Jan 2009 23:42:49 -0000
@@ -2636,8 +2686,8 @@ int parseCommand(connectionRecType *cont
void *readClient(void *arg)
{
- char str[1600];
- char buf[1600];
+ char str[1601];
+ char buf[1601];
unsigned int i, j;
int len;
connectionRecType *context;
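
Review bot: in readClient the size 1600/1601 is a magic number repeated on both the str and buf declarations, and the hunk does not show the read or copy code that indexes them with i, j and len, so nothing visible here confirms that one extra byte is enough for every write path. Suggest a single named constant for the buffer size and bounding the receive length and the copy indices against sizeof(buf) - 1 and sizeof(str) - 1, so the terminator always has room and the limit cannot drift from the declarations. The hunk header offsets (-2636 versus +2686) also imply about 50 lines of earlier changes in emcrsh.cc that are not part of the patch as posted; please confirm the diff is complete.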
_______________________________________________
Emc-users mailing list
Emc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/emc-users