[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Might be off topic. Are computers with 168.192.x.x safe from Internet?
- Subject: Re: [cobalt-security] Might be off topic. Are computers with 168.192.x.x safe from Internet?
- From: shimi <shimi@xxxxxxxxxxxxxxxx>
- Date: Fri, 8 Jun 2001 05:16:12 -0700 (PDT)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
On Fri, 8 Jun 2001, Gossi The Dog wrote:
>
>
>
> On Fri, 8 Jun 2001, shimi wrote:
>
> >
> > On Fri, 8 Jun 2001, Gossi The Dog wrote:
> >
> > >
> > >
> > >
> > > On Thu, 7 Jun 2001, shimi wrote:
> > >
> > > >
> > > > On Fri, 8 Jun 2001, satan wrote:
> > > >
> > > > > What ever you do, If you become the main target of a true hacker, he will break in your system soon or later, You cannot have a 100% securoty seal, but you can surely bring this high enought to be able to sleep at night.
> > > > <...>
> > > > > Stephen Gilbert
> > > > > satan@xxxxxxxxxxxxxxxx
> > > >
> > > > If you're running a linux box that MASQs all packets from the LAN, and
> > > > drops all the incoming connections from the internet (both of these with
> > > > IPchains) - I believe that it can be said that you're 100% not hackable.
> > >
> > > Not really. Unless it's a Linux box running a recent version of the 2.4
> > > series of kernels, it's possible to force packets through to the internal
> > > network using a bug to do with FTP PASV handling, or some such. There's
> > > detail of it on bugtraq somewhere.
> > >
> > > If you rely on a box filtering traffic, you have to realise it's all
> > > software, and software is, by nature, buggy. That's why companies that
> > > rely on protecting the security of their network solely with products like
> > > Firewall-1 annoy me.
> > >
> > > Firewall-1 being a good example of something very exploitable (past
> > > history wise, anyway).
> > >
> > > Regards.
> > >
> >
> > but if there are no services running on that box, how are you going to get
> > an initial access to the machine??
> >
> > because if that's possible, every box on the internet is hackable, in a
> > matter of seconds (or the time it takes to get in) - I still don't
> > understand how...
>
> You don't hack that box - you use flaws in the kernel firewall code to
> access boxes BEHIND it. As in, all the Windows boxes, the default install
> Redhat boxes etc companies tend to have behind the firewalls of their
Ah point taken :)
But can't that be done against real firewalls? I mean, what do they
differ? (I've never touched a Firewall-1 or such... so far did only linux
firewalling, and that seemed to stop even the most persistent of them)
- shimi.