MrC wrote:
> jonheal;161938 Wrote:
>> Now, here's where my lack of networking expertise comes into play ... if
>> a port is open, but nothing's listening on it, or in this case, only
>> SlimServer, is the only way into the network through that port, THROUGH
>> Slimserver?
>
> Ports are opened to allow access to the services behind the port. What
> the service actually does with input is entirely up to the service
> itself. If the service is not well designed to prevent various forms
> of attack (buffer overflows, etc.), the service can be used as a vector
> of attack through unforeseen and unintended ways.

Buffer overflows are mostly a result of things being written in the C
language. Perl does automatic memory allocation for scalars (strings)
and should be safe from buffer overflows. Of course, some modules may be
written in C and be vulnerable to overflows if you pass large enough
strings to them, but in general Perl services are much safer this way.

> There have been far too many real cases where this happens - in fact,
> dozens of new holes are discovered in various pieces of software on a
> daily basis. Furthermore, the exploits to take advantage of these
> holes become available almost immediately. The bot networks are
> enormous now from (owned) insecure, openly accessible systems.

Those are mostly buffer overflows they're exploiting and holes in web
browsers which allow hackers to execute code remotely.

> Do not become a victim through ignorance - there is simply no reason to
> allow worldwide access to unproven services, when simple, effective
> security measures are available.

Just put up an IP filter in your router. Slimserver is not a target to
these people, but it's quite conceivable that there are bugs that allow
people more access than you'd like to give them. No reason to run
unnecessary risks.

Regards,
Peter
_______________________________________________
discuss mailing list
[email protected]
http://lists.slimdevices.com/lists/listinfo/discuss