On Thursday 22 February 2007, Michael Sullivan wrote:
> Also, I've always heard that you shouldn't
> have any ports open on your machine unless you have some server bound
> to that port because hackers can get in through unbound open ports.
> Is this true? If so, how does it work?

That sounds like something out of Hollywood, perhaps that atrocious movie called Hackers with Angelina Jolie in it.....

I fail to see how, in this universe, you can open a port and not have something listen on it.

Let's face it: a process, or the kernel itself, asks to be informed about packets arriving for port X. What is port X? It's a number in the TCP/UDP packet so the receiving kernel knows which process to send the data to. If that process is not listening, the packets go ... nowhere. They don't have magic Gandalfs inside them that suddenly sprout up and do l33t h4x0r sh1t to your machine.

Maybe there's some default behaviour the kernel applies to packets that are sent to hung/sleeping/absent processes. Maybe that default behaviour is such that there's a buffer overflow waiting to be exploited. Maybe... I think I wanna see the code and not some bullshit posted on an arb blog somewhere.

You should be much more worried about vulnerabilities in known software that you don't really use that is running by default. By far the most common attack vector is weak user names and passwords accessed via ssh. Solution is a sensible password policy, or allow ssh access only via keys.

Then there's php, but I don't think you want to get me started on that...

alan

--
Optimists say the glass is half full,
Pessimists say the glass is half empty,
Developers say wtf is the glass twice as big as it needs to be?

Alan McKinnon
alan at linuxholdings dot co dot za
+27 82, double three seven, one nine three five
--
gentoo-user@gentoo.org mailing list
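
An added example, not part of the original message: the point that an open port is simply a port some process is listening on, checked on Linux by reading a socket table in the `/proc/net/tcp` layout and listing the entries in LISTEN state. The sample table is constructed, and the address decoding assumes a little-endian host such as x86.

```python
import socket
import struct

# Constructed sample in /proc/net/tcp layout (little-endian host assumed).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000   102        0 1002
   2: 0A00000A:0016 0200000A:C350 01 00000000:00000000 02:000A0B0C 00000000     0        0 1003
   3: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1004
"""

TCP_LISTEN = 0x0A  # state code the kernel prints for listening sockets


def decode_endpoint(field):
    """Turn 'AABBCCDD:PPPP' into (dotted_ip, port)."""
    addr_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return ip, int(port_hex, 16)


def listening_sockets(table_text):
    """Return sorted (ip, port, uid, inode) for every socket in LISTEN state."""
    found = []
    for line in table_text.splitlines()[1:]:      # skip the header row
        cols = line.split()
        if len(cols) < 10 or int(cols[3], 16) != TCP_LISTEN:
            continue                              # established etc. are not "open ports"
        ip, port = decode_endpoint(cols[1])
        found.append((ip, port, int(cols[7]), int(cols[9])))
    return sorted(found, key=lambda s: (s[1], s[0]))


def reachable_from_network(sockets):
    """Listeners not bound to loopback: the ones a remote host can reach."""
    return [s for s in sockets if not s[0].startswith("127.")]


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for ip, port, uid, inode in listening_sockets(text):
        scope = "loopback only" if ip.startswith("127.") else "network"
        print(f"{ip}:{port:<5} uid={uid:<5} inode={inode} [{scope}]")
```

Pass `/proc/net/tcp` as the argument to audit a real machine. The inode of each listener can be matched against the `socket:[inode]` links under `/proc/<pid>/fd` to find the process that owns it.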