> I was just wondering. I know the rule is everything can be cracked. > But can anyone point me to info on how to crack something with no > ports open or/and perhaps tell me how that's called (so I can > search...).
A networked workstation without services is certainly harder to crack than a server with daemons listening. Usually, hacking a workstation requires some form of 'cooperation' from the user of the workstation. The basic idea is to somehow fool the user into installing a back door or a bot that will establish an outbound connection to allow remote control via an IRC channel. Some ways to do this: - e-mail viruses or buffer overflows in email clients. - manipulate a site the user trusts and from which they regularly upload files, or play man-in-the-middle essentially, you try to replace some program the user downloads with a back door. - social engineering (offer 'modem speed enhancer' to the user... send him a colorful CD offering '100000 of free AOL...) All of these methods can of course be defeated by a vigilant user. (Virus checkers, encrypted/signed downloads, common sense...). It is certainly harder to gather the necessary intelligence compared to a vanilla default install of some known to be vulnerable daemon. -- --------------------------------------------------------------- [EMAIL PROTECTED] Collaborative Intrusion Detection join http://www.dshield.org
msg07916/pgp00000.pgp
Description: PGP signature