Short answers: No. Yes. Longer answers below.
At 09:38 AM 5/11/00 -0700, John wrote:
>I don't understand some security issues, one of which is the concern people
express about hackers gaining access to 'ports' on machines.
>
>To do damage doesn't a vandal/hacker have to actually log in to a system as
in a telnet session ?
No. To do damage, a vandal has to be able to run a program on your system.
Logging in via telnet is one way to do that. There are others.
Many "exploits" involve finding holes in daemons that allow one to upload
and run arbitrary programs. I'm not an expert in vandalism, but well-known
flaws include incorrectly set ownership or permissions (e.g., on a Web
server), buffer overflows, inadequate filtering of uploads (once a common
problem with cgi scripts), and undocumented backdoors. Naturally, there
isn't *much* of this stuff in the world of Open Source, but programmers and
sysadmins aren't infallible, so honest mistakes continue to get made.
Some services, in the past, were set to supply information that would help
someone break in. The "finger" service is the example familiar to most
everyone. The "systat" and "netstat" portss are rarely open these days, but
they used to provide a lot of information about the systems they ran on.
Actually, there are ways to "do damage" without even running anything on the
target system. Examples are the Ping of Death and Denial of Service attacks.
>Is there some other form of access apart from telnet that would give a
hacker access to my machine.
Yes, as illustrated above ... though not in the detail needed to serve as a
tutorial for the uninitiated.
------------------------------------"Never tell me the odds!"---
Ray Olszewski -- Han Solo
Palo Alto, CA [EMAIL PROTECTED]
----------------------------------------------------------------
-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to [EMAIL PROTECTED]
Please read the FAQ at http://www.linux-learn.org/faqs
