RE: Cracking a server without services

From: Williams, Larry (Larry.Williams@fiserv.com)
Date: 07/11/02


Date: Thu, 11 Jul 2002 10:39:42 -0500
From: "Williams, Larry" <Larry.Williams@fiserv.com>
To: "'Ferry van Steen'" <ferry.van.steen@InfoPart.nl>, "Security-basics@securityfocus.com" <Security-basics@securityfocus.com>

The only truly secure system is the one that's not turned on. But then it's not very efficient.

Even on a system with all incoming ports closed, a user may still establish an outgoing connection, which must allow a related incoming connection. If the server to which the user connects has been hijacked, or if the DNS server the user accessed has been poisoned, then the user may be accessing damaging information without his or her knowledge, and may not be able to stop it before harm is done.

This does not take into consideration internal attacks, social engineering, virii and worms, or any of the other vulnerabilities of IT security. But they all work in concert to ensure your otherwise technologically secured server is safe from attack.

-----Original Message-----
From: Ferry van Steen
Sent: Wednesday, July 10, 2002 17:19
To: Security-basics@securityfocus.com
Subject: Cracking a server without services

Hey there,

I was just wondering. I know the rule is everything can be cracked. But can
anyone point me to info on how to crack something with no ports open or/and
perhaps tell me how that's called (so I can search...). To me it seems
impossible but I have a feeling that's a false sense of security and I'd
like to get a better understanding of this so I can take appropiate actions
on my servers. Also I think this knowledge will come in handy in the future
since I gotta write a firewall on linux for a DMZ and LAN set up in like a
week or so and I don't want to tell my boss that the webserver is the only
thing that can be cracked because that's the only service we run if that
ain't so, although the chance someone with that knowledge/expertise will
hunt us will probably be nihil.

Kind regards,

Ferry van Steen
InfoPart Automatisering B.V.
Beeksestraat 24
4841 GC Prinsenbeek
Phone: +31 (0)76 - 5 44 04 11
Fax: +31 (0)76 - 5 41 83 51
Mobile: +31 (0)6 - 28 46 47 45
E-Mail (business): ferry.van.steen@infopart.nl
E-Mail (private): freaky@bananateam.nl
MSN Messenger: freaky@freaky2000.dyndns.org
ICQ (UIN (seldom used)): 191458