[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Might be off topic. Are computers with 168.192.x.x safe from Internet?
- Subject: Re: [cobalt-security] Might be off topic. Are computers with 168.192.x.x safe from Internet?
- From: shimi <shimi@xxxxxxxxxxxxxxxx>
- Date: Fri, 8 Jun 2001 02:02:37 -0700 (PDT)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
On Fri, 8 Jun 2001, Gossi The Dog wrote:
>
>
>
> On Thu, 7 Jun 2001, shimi wrote:
>
> >
> > On Fri, 8 Jun 2001, satan wrote:
> >
> > > What ever you do, If you become the main target of a true hacker, he will break in your system soon or later, You cannot have a 100% securoty seal, but you can surely bring this high enought to be able to sleep at night.
> > <...>
> > > Stephen Gilbert
> > > satan@xxxxxxxxxxxxxxxx
> >
> > If you're running a linux box that MASQs all packets from the LAN, and
> > drops all the incoming connections from the internet (both of these with
> > IPchains) - I believe that it can be said that you're 100% not hackable.
>
> Not really. Unless it's a Linux box running a recent version of the 2.4
> series of kernels, it's possible to force packets through to the internal
> network using a bug to do with FTP PASV handling, or some such. There's
> detail of it on bugtraq somewhere.
>
> If you rely on a box filtering traffic, you have to realise it's all
> software, and software is, by nature, buggy. That's why companies that
> rely on protecting the security of their network solely with products like
> Firewall-1 annoy me.
>
> Firewall-1 being a good example of something very exploitable (past
> history wise, anyway).
>
> Regards.
>
but if there are no services running on that box, how are you going to get
an initial access to the machine??
because if that's possible, every box on the internet is hackable, in a
matter of seconds (or the time it takes to get in) - I still don't
understand how...
- shimi.