RE: What about closed ports?

To: 'Dmitriy Kropivnitskiy' <jeld@mindless.com>, debian-security@lists.debian.org
Subject: RE: What about closed ports?
From: Nick Nanos <nick@itactics.com>
Date: Wed, 4 Jul 2001 10:56:09 -0400
Message-id: <[🔎] 9D0B1828EA4DD411AD170050BAB3A0EB5DE33F@kodiak>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I'd be more worried about traffic on open ports that is MUXed i.e.
telnet over port 80.

- -----Original Message-----
From: Jeld The Dark Elf [mailto:jeld@mindless.com]
Sent: Tuesday, July 03, 2001 6:25 PM
To: debian-security@lists.debian.org
Subject: Re: What about closed ports?


On Thu, Jun 28, 2001 at 09:28:42AM -0300, Pedro Zorzenon Neto wrote:
> Hi folks,
> 
> Suppose I trust ultimately in my 192.168.1.x users.
> To the outside world the only service 'nmap' shows opened is tcp
port 22 -> ssh.
> 
> So, if 'ssh' has some security bug, people can use this bug to
explore my system. That I know is true.
> 
> Now, what I'd like to know...
> 
> Is there any way of getting some exploit in a CLOSED port? Some
kernel, ipchains or other bug that allows someone explore closed
ports?
> What about ports that are opened to 192.168.1.x but are REJECTed by
ipchains to  the internet. Are they explorable by internet?
> If the port is CLOSED, than it's safe?
> 
Hmmm... Correcting the other guy, if the port is closed, it means that
nobody listens 
to connections on this port. If something is listening, but firewall
blocks the service,
the port is considered filtered. In any case to answer your question,
if all your ports are closed, there is still a way to exploit some bug
in either kernel TCP/IP implementation or
firewalling code ( ipchains ). Or someone could exploit some mistake
in your firewall configuration. For example if you set your kernel to
assemble all packets before forwarding I could try and flood you with
TCP fragments hoping that your firewall will run out of buffer space
needed to assemble them and will crash. If your ipchains allow
fragmented packets to go through without chacking if they belong to
any particular connection I can ( supposedly ) try to use fragmented
IP flag to do stuff behind your firewall etc. etc. etc.


- -- 
"The pure and simple truth is rarely pure, and never simple." Oscar
Wilde


- --  
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.0.2i

iQA/AwUBO0MuiaMRGat91zK1EQI4UwCeMRN69Po9VS4zchovvIs1sjDSrGAAniyl
kFul7bgrPNC5YGgZ9N9/yhFk
=1O3E
-----END PGP SIGNATURE-----

Reply to:

Follow-Ups:
- Re: What about closed ports?
  - From: Jeld The Dark Elf <jeld@mindless.com>

Prev by Date: Re: Where to put iptables script
Next by Date: Re: What about closed ports?
Previous by thread: Re: What about closed ports?
Next by thread: Re: What about closed ports?
Index(es):
- Date
- Thread