On Thu, Jun 28, 2001 at 09:28:42AM -0300, Pedro Zorzenon Neto wrote:
> Hi folks,
> 
> Suppose I trust ultimately in my 192.168.1.x users.
> To the outside world the only service 'nmap' shows open is tcp port 22 -> ssh.
> 
> So, if 'ssh' has some security bug, people can use this bug to explore my system.
> That I know is true.
> 
> Now, what I'd like to know...
> 
> Is there any way of getting some exploit in a CLOSED port? Some kernel, ipchains or
> other bug that allows someone to explore closed ports?
> What about ports that are opened to 192.168.1.x but are REJECTed by ipchains to the
> internet. Are they explorable by the internet?
> If the port is CLOSED, then it's safe?
> 
Hmmm... Correcting the other guy, if the port is closed, it means that nobody listens
to connections on this port. If something is listening, but the firewall blocks the
service, the port is considered filtered. In any case, to answer your question, if all
your ports are closed, there is still a way to exploit some bug in either the kernel
TCP/IP implementation or the firewalling code (ipchains). Or someone could exploit some
mistake in your firewall configuration. For example, if you set your kernel to assemble
all packets before forwarding, I could try and flood you with TCP fragments hoping that
your firewall will run out of buffer space needed to assemble them and will crash. If
your ipchains allows fragmented packets to go through without checking if they belong
to any particular connection, I can (supposedly) try to use the fragmented IP flag to do
stuff behind your firewall etc. etc. etc.


-- 
"The pure and simple truth is rarely pure, and never simple." Oscar Wilde
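The buffer-exhaustion scenario in the reply (a flood of fragments that never complete, filling the reassembly store of a host that reassembles before filtering) can be made concrete with a small model. This is an added, constructed example, not code from the thread or from ipchains; the `Reassembler` class, its budget and the addresses are all assumptions. It shows the mitigation a defender wants: a hard byte budget with oldest-first eviction, so a flood costs table entries rather than the whole box.

```python
from collections import OrderedDict

MAX_BYTES = 4096      # assumed budget for bytes held in incomplete datagrams
MAX_DATAGRAM = 65535  # IPv4 total-length limit, so no fragment can grow past it


class Reassembler:
    """Toy IP reassembly cache keyed by (src, dst, ident), with a byte budget."""

    def __init__(self, budget=MAX_BYTES):
        self.budget = budget
        self.used = 0
        self.evicted = 0
        # insertion order doubles as age: the first key is the oldest datagram
        self.table = OrderedDict()  # key -> {"frags": {offset: bytes}, "total": int|None}

    def _evict_oldest(self):
        _, entry = self.table.popitem(last=False)
        self.used -= sum(len(b) for b in entry["frags"].values())
        self.evicted += 1

    def add(self, src, dst, ident, offset, more_fragments, payload):
        """Store one fragment; return the full payload once it is complete, else None."""
        if offset + len(payload) > MAX_DATAGRAM:
            return None  # oversized fragment: drop instead of growing the table
        # Shed the oldest incomplete datagrams rather than exceed the budget.
        while self.table and self.used + len(payload) > self.budget:
            self._evict_oldest()
        key = (src, dst, ident)
        entry = self.table.setdefault(key, {"frags": {}, "total": None})
        if offset in entry["frags"]:
            return None  # duplicate offset, already counted
        entry["frags"][offset] = payload
        self.used += len(payload)
        if not more_fragments:
            entry["total"] = offset + len(payload)  # last fragment fixes the length
        if entry["total"] is None:
            return None
        pos, parts = 0, []
        for off in sorted(entry["frags"]):  # require a gap-free, non-overlapping run
            if off != pos:
                return None
            parts.append(entry["frags"][off])
            pos += len(parts[-1])
        if pos != entry["total"]:
            return None
        self.table.pop(key)
        self.used -= pos
        return b"".join(parts)
```

Feed it a few legitimate two-fragment datagrams and then a stream of first fragments whose tails never arrive: `used` stays at or below the budget and `evicted` counts the datagrams shed.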

