[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

RE: What about closed ports?

Hash: SHA1

I'd be more worried about traffic on open ports that is MUXed i.e.
telnet over port 80.

- -----Original Message-----
From: Jeld The Dark Elf [mailto:jeld@mindless.com]
Sent: Tuesday, July 03, 2001 6:25 PM
To: debian-security@lists.debian.org
Subject: Re: What about closed ports?

On Thu, Jun 28, 2001 at 09:28:42AM -0300, Pedro Zorzenon Neto wrote:
> Hi folks,
> Suppose I trust ultimately in my 192.168.1.x users.
> To the outside world the only service 'nmap' shows opened is tcp
port 22 -> ssh.
> So, if 'ssh' has some security bug, people can use this bug to
explore my system. That I know is true.
> Now, what I'd like to know...
> Is there any way of getting some exploit in a CLOSED port? Some
kernel, ipchains or other bug that allows someone explore closed
> What about ports that are opened to 192.168.1.x but are REJECTed by
ipchains to  the internet. Are they explorable by internet?
> If the port is CLOSED, than it's safe?
Hmmm... Correcting the other guy, if the port is closed, it means that
nobody listens 
to connections on this port. If something is listening, but firewall
blocks the service,
the port is considered filtered. In any case to answer your question,
if all your ports are closed, there is still a way to exploit some bug
in either kernel TCP/IP implementation or
firewalling code ( ipchains ). Or someone could exploit some mistake
in your firewall configuration. For example if you set your kernel to
assemble all packets before forwarding I could try and flood you with
TCP fragments hoping that your firewall will run out of buffer space
needed to assemble them and will crash. If your ipchains allow
fragmented packets to go through without chacking if they belong to
any particular connection I can ( supposedly ) try to use fragmented
IP flag to do stuff behind your firewall etc. etc. etc.

- -- 
"The pure and simple truth is rarely pure, and never simple." Oscar

- --  
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact

Version: PGPfreeware 6.0.2i


Reply to: