|
|
Sponsored Content
Special Forums
Cybersecurity
firewall vs. closing ports
Post 15036 by adam_crosby on Saturday 9th of February 2002 12:37:47 AM
02-09-2002
This is/was a purely theory-based question. The server farms I manage get both treatments (invidual 'hardening', and a cluster of high performance firewalls) because a) no single solution will ever be totally secure, and b) not all attacks come from filtered IPs. This is common knowledge. I guess what my question should have been is this:
Excluding any form of packet based denial of service (wherein a target's service is denied due to an overwhelming amount of 'bad' traffic), can a unix system be attacked using TCP/IP, if no programs are listening? I guess a case in point would be the old Ping of Death, where nothing had to be listening on the host (besides a conformant TCP stack), but a specially malformed ICMP echo request would crash the system. I may be groping in the dark for something that has no real answer, or no 'easy' answer, but I have just been wondering on what avenues an exposed system is open to attack.
If no daemons or other programs are listening on a given port, does the OS and it's TCP stack just ignore inbound packets destined for that port? Is there a special 'dead packet zone'? I could probably look this up in the source, but I'm not exactly a hotshot C coder (in fact, I might go as far as to say I suck worse than a 1st year CS student
.
Excluding any form of packet based denial of service (wherein a target's service is denied due to an overwhelming amount of 'bad' traffic), can a unix system be attacked using TCP/IP, if no programs are listening? I guess a case in point would be the old Ping of Death, where nothing had to be listening on the host (besides a conformant TCP stack), but a specially malformed ICMP echo request would crash the system. I may be groping in the dark for something that has no real answer, or no 'easy' answer, but I have just been wondering on what avenues an exposed system is open to attack.
If no daemons or other programs are listening on a given port, does the OS and it's TCP stack just ignore inbound packets destined for that port? Is there a special 'dead packet zone'? I could probably look this up in the source, but I'm not exactly a hotshot C coder (in fact, I might go as far as to say I suck worse than a 1st year CS student
.|
|
9 More Discussions You Might Find Interesting
1. Cybersecurity
/* Linux Slackware */
Nmap shows the following ports open on the gateway.
21/tcp ftp
22/tcp ssh
23/tcp telnet
25/tcp smtp
37/tcp time
80/tcp http
113/tcp auth
515/tcp printer
587/tcp submission
1024/tcp kdm
6000/tcp x11
-------------------------------
i would like to close as... (10 Replies)
Discussion started by: LowOrderBit
10 Replies
2. IP Networking
Hi all
Is there a command that I can use to close out open ports?
I did a netstat - a -p and got a long list of ports open (see sample below). I have disabled the some of the applications from /etc/services/. But there are still applications listening on certain ports.
I need to know how to... (6 Replies)
Discussion started by: skotapal
6 Replies
3. Post Here to Contact Site Administrators and Moderators
hi,
Just wondering if there could be a way to close threads whose creator has got the desired reply.
however if someone still wants to give a remark or suggest further on the thread one can still do so.
Besides on the control panel there should be some kind of selection criteria to view... (3 Replies)
Discussion started by: linuxpenguin
3 Replies
4. Cybersecurity
Could someone please settle an inter-office argument? Will your network traffic be slower through a firewall on any other port other than port 80. In other words, is port 80 faster than any other port you open on the firewall. I say no. Thanks in advance for the help! (2 Replies)
Discussion started by: cocolsmith
2 Replies
5. Shell Programming and Scripting
Ok i know to open a window from a script (mac);
open whatever(name of a directory)
but i don't how to close it.
please some help.
thanks. (0 Replies)
Discussion started by: Tártaro
0 Replies
6. Shell Programming and Scripting
i have a text file i.e file1.txt which shows open ports on particular system. i have another text file i.e file2.txt which shows a list of allowed ports on a system. for eg:
file2.txt
22/tcp ssh
23/tcp telnet.
can i have a script which would compare these text files ,file1 and file2 ... (1 Reply)
Discussion started by: anand121
1 Replies
7. What is on Your Mind?
It was officially announced that AllTheWeb is closing. Yahoo! no longer supports the function as per april 2011: AlltheWeb.com
Before the world turned to google by default, there used to be a plethora of search engines. Most of them gave a headache with the prolific use of colors and animated gifs... (4 Replies)
Discussion started by: figaro
4 Replies
8. UNIX for Dummies Questions & Answers
Alright... this question comes from the fact that I'm trying to setup postfix to relay messages to Office 365 SMTP but its giving me connection refused... I read that if you have doubts if your port is open or not you should telnet to them so thats what I did.
This is a Red Hat 6.3 box.
My... (4 Replies)
Discussion started by: RedSpyder
4 Replies
9. Post Here to Contact Site Administrators and Moderators
Hi,
I guess, users do not have rights to close a thread.
Please close thread 'Small automation' as it is resolved.
Regards,
snjksh (1 Reply)
Discussion started by: snjksh
1 Replies
LEARN ABOUT PLAN9
faith
FAITH(4) BSD Kernel Interfaces Manual FAITH(4) NAME
faith -- IPv6-to-IPv4 TCP relay capturing interface SYNOPSIS
device faith DESCRIPTION
The faith interface captures IPv6 TCP traffic, for implementing userland IPv6-to-IPv4 TCP relay like faithd(8). Each faith interface is created at runtime using interface cloning. This is most easily done with the ifconfig(8) create command or using the cloned_interfaces variable in rc.conf(5). Special action will be taken when IPv6 TCP traffic is seen on a router, and the routing table suggests to route it to the faith interface. In this case, the packet will be accepted by the router, regardless of the list of IPv6 interface addresses assigned to the router. The packet will be captured by an IPv6 TCP socket, if it has the IN6P_FAITH flag turned on and matching address/port pairs. As a result, faith will let you capture IPv6 TCP traffic to some specific destination addresses. Userland programs, such as faithd(8) can use this behavior to relay IPv6 TCP traffic to IPv4 TCP traffic. The program can accept some specific IPv6 TCP traffic, perform getsockname(2) to get the IPv6 destination address specified by the client, and perform application-specific address mapping to relay IPv6 TCP to IPv4 TCP. The IN6P_FAITH flag on a IPv6 TCP socket can be set by using setsockopt(2), with level IPPROTO_IPV6 and optname IPv6_FAITH. To handle error reports by ICMPv6, some ICMPv6 packets routed to an faith interface will be delivered to IPv6 TCP, as well. To understand how faith can be used, take a look at the source code of faithd(8). As the faith interface implements potentially dangerous operations, great care must be taken when configuring it. To avoid possible misuse, the sysctl(8) variable net.inet6.ip6.keepfaith must be set to 1 prior to using the interface. When net.inet6.ip6.keepfaith is 0, no packets will be captured by the faith interface. The faith interface is intended to be used on routers, not on hosts. SEE ALSO
inet(4), inet6(4), faithd(8) Jun-ichiro itojun Hagino and Kazu Yamamoto, An IPv6-to-IPv4 transport relay translator, RFC3142. HISTORY
The FAITH IPv6-to-IPv4 TCP relay translator first appeared in the WIDE hydrangea IPv6 stack. BSD
April 10, 1999 BSD