From my current knowledge with network sniffing and host scanning, the host does have intervention with what happens with a particular packet. (This is how some network scanners implement host mapping, by the type of replies they send, even if the packets are rejected.)

Even if the host drops the packet (look at it, if the host does not want it then forget about it) the host still has to deal with looking at the packet, right? (Note stateful packet rules model as an example.) Let's say there was some new vulnerability discovered which took advantage of the way packets were handled in a kernel... then you might just be able to crack open a server and enable a couple of services, like open up a webserver serving up the entire /home directory. But to crack something without open ports would be very complex, since you would not be hitting the server through some webserver/database/FTP. Depends on what you know, and if you know how to use it. I personally just know that part.

My two cents.

>From: "Steven Ackerman" <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED], [EMAIL PROTECTED]
>CC: [EMAIL PROTECTED]
>Subject: RE: Cracking Servers W/O open ports: Packet Filter Firewall
>Date: Fri, 12 Jul 2002 13:19:54 -0700
>
>My understanding is that, even if you close all the ports, the software
>will still respond in some way. Assuming that you can trust the machine and
>everything running on it to do that, you're all right. I have no idea about
>proving it. I guess you have to rely on really secure Host Intrusion
>Detection stuff with secured log files using checksums and all that other
>stuff I don't quite understand.
>
>-Steve
>
>
>>From: "Jason Coombs" <[EMAIL PROTECTED]>
>>Reply-To: <[EMAIL PROTECTED]>
>>To: "Steve Bremer" <[EMAIL PROTECTED]>,"Steven Ackerman"
>><[EMAIL PROTECTED]>
>>CC: <[EMAIL PROTECTED]>
>>Subject: RE: Cracking Servers W/O open ports: Packet Filter Firewall
>>Date: Fri, 12 Jul 2002 10:08:27 -1000
>>
>>Aloha,
>>
>>To touch on a point nobody else has mentioned yet, the question
>>presumes absolute objective forensic security proof that there
>>are no "open ports" on the target box, that no bits arriving on
>>the network can ever impact what the microprocessor does.
>>
>>How you prove security forensically makes a big difference. What
>>forensics tools are you using? How do you know the tool has not
>>itself been compromised? Perhaps more importantly, how do you
>>know, and how can you PROVE, that the tool has no open ports?
>>
>>Sincerely,
>>
>>Jason Coombs
>>[EMAIL PROTECTED]
>>
>>-----Original Message-----
>>From: Steve Bremer [mailto:[EMAIL PROTECTED]]
>>Sent: Friday, July 12, 2002 9:20 AM
>>To: Steven Ackerman
>>Cc: [EMAIL PROTECTED]
>>Subject: Re: Cracking Servers W/O open ports: Packet Filter Firewall
>>
>> > solution, right?) and so they are very difficult to crack. Could you
>> > please elaborate on that.
>>
>>Sure can. I left out a word in that sentence. I meant to say:
>>
>>"Machines that are used as a packet filtering firewall often fall into
>>this category."
>>^^^^^
>>
>>I say that because often times, at least in my experience, a packet
>>filtering firewall is configured with no services running so that they
>>become very difficult to attack.
>>
>>Steve Bremer
