RE: Cracking a server without services

From: Williams, Larry (Larry.Williams@fiserv.com)
Date: 07/11/02


Date: Thu, 11 Jul 2002 10:39:42 -0500
From: "Williams, Larry" <Larry.Williams@fiserv.com>
To: "'Ferry van Steen'" <ferry.van.steen@InfoPart.nl>, "Security-basics@securityfocus.com" <Security-basics@securityfocus.com>

The only truly secure system is the one that's not turned on. But then it's not very efficient.

Even on a system with all incoming ports closed, a user may still establish an outgoing connection, which must allow a related incoming connection. If the server to which the user connects has been hijacked, or if the DNS server the user accessed has been poisoned, then the user may be accessing damaging information without his or her knowledge, and may not be able to stop it before harm is done.

This does not take into consideration internal attacks, social engineering, viruses and worms, or any of the other vulnerabilities of IT security. But they all work in concert to ensure your otherwise technologically secured server is safe from attack.

-----Original Message-----
From: Ferry van Steen
Sent: Wednesday, July 10, 2002 17:19
To: Security-basics@securityfocus.com
Subject: Cracking a server without services

Hey there,

I was just wondering. I know the rule is everything can be cracked. But can
anyone point me to info on how to crack something with no ports open or/and
perhaps tell me how that's called (so I can search...). To me it seems
impossible but I have a feeling that's a false sense of security and I'd
like to get a better understanding of this so I can take appropriate actions
on my servers. Also I think this knowledge will come in handy in the future
since I gotta write a firewall on linux for a DMZ and LAN set up in like a
week or so and I don't want to tell my boss that the webserver is the only
thing that can be cracked because that's the only service we run if that
ain't so, although the chance someone with that knowledge/expertise will
hunt us will probably be nihil.

Kind regards,

Ferry van Steen
InfoPart Automatisering B.V.
Beeksestraat 24
4841 GC Prinsenbeek
Phone: +31 (0)76 - 5 44 04 11
Fax: +31 (0)76 - 5 41 83 51
Mobile: +31 (0)6 - 28 46 47 45
E-Mail (business): ferry.van.steen@infopart.nl
E-Mail (private): freaky@bananateam.nl
MSN Messenger: freaky@freaky2000.dyndns.org
ICQ (UIN (seldom used)): 191458


