Re: I am protected?

• Previous message: spag1024_at_fastermail.com: "Re: Strange emails?"
• In reply to:(deleted message) Leythos: "Re: I am protected?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 11 Dec 2004 00:58:19 -0600

On Fri, 10 Dec 2004 22:31:00 GMT, Leythos <void@nowhere.org> wrote:

>In article <op4kr0hg48820a2udg0klfca9i84googgh@4ax.com>,
>none@example.net says...
>> Your "less easy to locate" is a relative term. Using an automated hack, your
>> system (NAT router) will be located. Period. You'll just have the more
>> experienced hackers probing your ports, not the script kiddies.
>
>I agree, and I don't advocate hiding as a means of security, what I like
>to do is obscure what ports I have services running on in order to make
>them less of a target. For instance, VNC is a very common application
>for viewing a remote desktop, we all know what port it runs on by
>default, and if I were scanning a network and got a response on that
>port I would expect to find VNC running there. If I were to configure my
>VNC service to run on port 65000, even if it was scanned, it would not
>necessarily be identified as VNC, although that's a bad example, since
>it can be queried for what it is.
>
>The point is that obscurity relates only to moving services to non-
>standard ports to make them less easy to detect by the standard scans,
>not against scanning all 65535 ports.
>
>A good example of this is when I port forward a port - lets say 49876
>(made that up) for use with VNC inside a network on a server. My
>firewall logs show that they have never been scanned for port 49876, so
>it makes it a good port to use (currently). If I were to run it on the
>default port, it would be detected in a couple days, but by using the
>non-standard port, it's not been probed once in over a year. That's
>obscurity - which has nothing to do with security - it's hiding in the
>crowd in plain sight.

That's a good point, for right now anyway. Changing your setup - not using a
default configuration - is one way to protect yourself. But it's not a complete
solution.

I was trying to point out that darkhack's idea of SBO, by hiding your computer
in a sea of others, is an illusional solution. The automated hacks in use today
will find you, and if you're not otherwise protected, your computer may end up a
bot.

-- 
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.

• Previous message: spag1024_at_fastermail.com: "Re: Strange emails?"
• In reply to:(deleted message) Leythos: "Re: I am protected?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]