Re: I am protected?

From: Chuck (none_at_example.net)
Date: 12/11/04

    Date: 11 Dec 2004 00:58:19 -0600
    
    

    On Fri, 10 Dec 2004 22:31:00 GMT, Leythos <void@nowhere.org> wrote:

    >In article <op4kr0hg48820a2udg0klfca9i84googgh@4ax.com>,
    >none@example.net says...
    >> Your "less easy to locate" is a relative term. Using an automated hack, your
    >> system (NAT router) will be located. Period. You'll just have the more
    >> experienced hackers probing your ports, not the script kiddies.
    >
    >I agree, and I don't advocate hiding as a means of security, what I like
    >to do is obscure what ports I have services running on in order to make
    >them less of a target. For instance, VNC is a very common application
    >for viewing a remote desktop, we all know what port it runs on by
    >default, and if I were scanning a network and got a response on that
    >port I would expect to find VNC running there. If I were to configure my
    >VNC service to run on port 65000, even if it was scanned, it would not
    >necessarily be identified as VNC, although that's a bad example, since
    >it can be queried for what it is.
    >
    >The point is that obscurity relates only to moving services to non-
    >standard ports to make them less easy to detect by the standard scans,
    >not against scanning all 65535 ports.
    >
    >A good example of this is when I port forward a port - let's say 49876
    >(made that up) for use with VNC inside a network on a server. My
    >firewall logs show that they have never been scanned for port 49876, so
    >it makes it a good port to use (currently). If I were to run it on the
    >default port, it would be detected in a couple days, but by using the
    >non-standard port, it's not been probed once in over a year. That's
    >obscurity - which has nothing to do with security - it's hiding in the
    >crowd in plain sight.

    That's a good point, for right now anyway. Changing your setup - not using a
    default configuration - is one way to protect yourself. But it's not a complete
    solution.

    I was trying to point out that darkhack's idea of SBO, by hiding your computer
    in a sea of others, is an illusional solution. The automated hacks in use today
    will find you, and if you're not otherwise protected, your computer may end up a
    bot.

    -- 
    Cheers,
    Chuck
    Paranoia comes from experience - and is not necessarily a bad thing.
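
The firewall-log check described in the quoted text, as an added example that is not part of the original thread: it counts which sources probed the default VNC port and the relocated one, and flags any source that swept a range of ports, which is the case where a non-standard port stops helping. The log layout (netfilter-style `SRC=`/`DPT=`/`PROTO=` fields), the sample lines and the sweep threshold of 5 ports are assumptions.

```python
import re
from collections import defaultdict

FIELD = re.compile(r"\b(SRC|DPT|PROTO)=(\S+)")


def _line(src, dpt, proto="TCP"):
    # Constructed log line in the style of Linux netfilter LOG output.
    return (f"Dec 10 03:12:01 fw kernel: IN=eth0 OUT= SRC={src} "
            f"DST=192.0.2.10 PROTO={proto} SPT=40112 DPT={dpt}")


# Constructed sample: documentation-range addresses; 5900 is the VNC default,
# 49876 is the made-up forwarded port from the post.
SAMPLE_LOG = "\n".join(
    [_line("198.51.100.7", 5900), _line("198.51.100.23", 5900),
     _line("198.51.100.7", 5900), _line("198.51.100.40", 5900, "UDP")]
    + [_line("203.0.113.9", p) for p in range(49872, 49878)]
)


def parse(log_text):
    """Yield (source_ip, dest_port) for each TCP line carrying both fields."""
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if f.get("PROTO") == "TCP" and "SRC" in f and f.get("DPT", "").isdigit():
            yield f["SRC"], int(f["DPT"])


def probe_report(log_text, watched_ports, sweep_threshold=5):
    """Return ({port: sources that probed it}, sources that swept many ports)."""
    by_port, by_src = defaultdict(set), defaultdict(set)
    for src, port in parse(log_text):
        by_src[src].add(port)
        if port in watched_ports:
            by_port[port].add(src)
    sweepers = sorted(s for s, ports in by_src.items() if len(ports) >= sweep_threshold)
    return {p: sorted(by_port[p]) for p in watched_ports}, sweepers


if __name__ == "__main__":
    per_port, sweepers = probe_report(SAMPLE_LOG, [5900, 49876])
    for port, sources in per_port.items():
        print(f"port {port}: probed by {len(sources)} source(s): {sources}")
    print("sources sweeping port ranges:", sweepers)
```

An empty result for the relocated port only says no logged source has reached it yet; a single entry in the sweep list means it has been found.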
    
