My understanding is that, even if you close all the ports, the software will 
still respond in some way. Assuming that you can trust the machine and 
everything running on it to do that, you're all right. I have no idea about 
proving it. I guess you have to rely on really secure Host Intrusion 
Detection stuff with secured log files using checksums and all that other 
stuff I don't quite understand.

-Steve


>From: "Jason Coombs" <[EMAIL PROTECTED]>
>Reply-To: <[EMAIL PROTECTED]>
>To: "Steve Bremer" <[EMAIL PROTECTED]>,"Steven Ackerman" 
><[EMAIL PROTECTED]>
>CC: <[EMAIL PROTECTED]>
>Subject: RE: Cracking Servers W/O open ports: Packet Filter Firewall
>Date: Fri, 12 Jul 2002 10:08:27 -1000
>
>Aloha,
>
>To touch on a point nobody else has mentioned yet, the question
>presumes absolute objective forensic security proof that there
>are no "open ports" on the target box, that no bits arriving on
>the network can ever impact what the microprocessor does.
>
>How you prove security forensically makes a big difference. What
>forensics tools are you using? How do you know the tool has not
>itself been compromised? Perhaps more importantly, how do you
>know, and how can you PROVE, that the tool has no open ports?
>
>Sincerely,
>
>Jason Coombs
>[EMAIL PROTECTED]
>
>-----Original Message-----
>From: Steve Bremer [mailto:[EMAIL PROTECTED]]
>Sent: Friday, July 12, 2002 9:20 AM
>To: Steven Ackerman
>Cc: [EMAIL PROTECTED]
>Subject: Re: Cracking Servers W/O open ports: Packet Filter Firewall
>
>
>
>
> > solution, right?) and so they are very difficult to crack. Could you
> > please elaborate on that.
>
>Sure can.  I left out a word in that sentence.  I meant to say:
>
>"Machines that are used as a packet filtering firewall often fall into
>this category."
>^^^^^
>
>I say that because often times, at least in my experience, a packet
>filtering firewall is configured with no services running so that they
>become very difficult to attack.
>
>Steve Bremer



