
Re: All these open ports



> So what are exactly are you worried about?  A program uploading 
> sensitive data to a random server?  Well the easiest way for a program 
> to do that is to invoke sendmail to e-mail the information to the 
> server. In which case the program never attempts to open a port, your 
> m-t-a does. Your m-t-a opening a port is the most normal thing in the 
> world.  Or if for some reason you don't have your m-t-a properly 
> configured, it could invoke ssh or lynx or ...

You're right; there are as many opportunities for paranoia WRT what
on my system could "phone home" in which manner.

I think for Linux to be secured against that sort of thing, there would
have to be a kernel hook that logged PIDs of processes that got spawned,
and then watched to see if that PID attempted an outgoing access of some
sort.  (I'm not volunteering to write *that*...).

I've similarly wondered if the Gatesware equivalents (the "personal
firewalls") are capable of detecting outgoing accesses by things that
aren't invoked by the user...  probably not, and the corresponding
vulnerability is probably there for Windoze systems as well, as I
mentioned earlier...

The thing is, that sort of malicious code could be embedded in anything
you install.  The only thing protecting you is the traceability of the
code and concomitant liability of the perpetrator to prosecution.
Otherwise half the frustrated geeks in the world would be embedding
their little "projects" in their employer's products.  I don't know
about you, but that sort of "protection" doesn't make me feel "secure"
in general - I want some sort of process monitoring that can detect
outgoing communication attempts.

The fact that it hasn't happened yet doesn't reduce my paranoia one
bit.  Moreover, the attitude of Linux people that they're somehow
immune because of the limited distribution of Linux compared to the
Gatesware installed base is just whistling in the dark, cum laude.
From the responses I get in general, the general attitude seems to be
to shrug it off because no one can do anything about it.

Again, you're right, though, that I'm too narrowly focused WRT the real
issue.  Maybe this discussion really belongs on a linux security list...

Thanks for your input -
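The process monitoring the poster asks for, something that ties a running program to the outgoing connections it opens, can be approximated from user space on Linux without a kernel hook: the kernel lists every TCP socket with its inode in /proc/net/tcp, and each process's open sockets appear as `socket:[inode]` links under /proc/<pid>/fd, so joining the two says which program is talking out and to whom. The script below is an added example, not code from this thread or any poster; the /proc/net/tcp lines, the process table and the allow-list of programs expected to open connections are all constructed.

```python
"""Correlate outbound TCP sockets with the processes that own them.

Added example (not from the mailing-list thread). On Linux the kernel
exposes every TCP socket in /proc/net/tcp, keyed by inode, and each
process's open sockets as /proc/<pid>/fd/N -> 'socket:[inode]' links.
Joining the two answers "which program is talking out, and to whom?".
The data below is constructed so the script runs without a live /proc.
"""
import os
import re
import socket
import struct

# Values of the 'st' column in /proc/net/tcp.
TCP_ESTABLISHED = 0x01
TCP_SYN_SENT = 0x02
TCP_LISTEN = 0x0A

# Constructed stand-in for /proc/net/tcp: an sshd listener on port 22, an
# established SMTP session to 10.0.0.10:25, and a connection attempt
# (SYN_SENT) to 11.0.0.11:8080 from uid 1000.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0100A8C0:C350 0A00000A:0019 01 00000000:00000000 00:00000000 00000000     0        0 22222 1 0000000000000000 20 4 30 10 -1
   2: 0100A8C0:C351 0B00000B:1F90 02 00000001:00000000 01:00000014 00000001  1000        0 33333 1 0000000000000000 20 4 30 10 -1
"""

# Constructed stand-in for the /proc/<pid>/fd scan: pid -> (comm, socket inodes).
SAMPLE_PROC_FDS = {
    1234: ("sshd", {12345}),
    4321: ("sendmail", {22222}),
    5555: ("fancy-screensaver", {33333}),  # hypothetical installed program
}

# Programs this host is expected to see opening connections (assumption).
KNOWN_NETWORK_PROGRAMS = {"sshd", "sendmail"}


def _decode_addr(hex_addr):
    """'0100A8C0:0019' -> ('192.168.0.1', 25); IPv4 is stored little-endian."""
    ip_hex, port_hex = hex_addr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def parse_proc_net_tcp(text):
    """Return one dict per socket line (the header line is skipped)."""
    sockets = []
    for line in text.splitlines()[1:]:
        f = line.split()
        if len(f) < 10:
            continue
        sockets.append({
            "local": _decode_addr(f[1]),
            "remote": _decode_addr(f[2]),
            "state": int(f[3], 16),
            "uid": int(f[7]),
            "inode": int(f[9]),
        })
    return sockets


def outbound_sockets(sockets):
    """Sockets this host initiated: SYN_SENT, or ESTABLISHED on a local port
    that is not also a LISTEN port (accepted connections share the
    listener's local port, so they are excluded)."""
    listen_ports = {s["local"][1] for s in sockets if s["state"] == TCP_LISTEN}
    return [
        s for s in sockets
        if s["state"] == TCP_SYN_SENT
        or (s["state"] == TCP_ESTABLISHED and s["local"][1] not in listen_ports)
    ]


def attribute_to_process(sockets, proc_fds):
    """Join sockets to their owning pid/comm through the socket inode."""
    inode_to_proc = {ino: (pid, comm)
                     for pid, (comm, inos) in proc_fds.items() for ino in inos}
    out = []
    for s in sockets:
        pid, comm = inode_to_proc.get(s["inode"], (None, "<unknown>"))
        out.append(dict(s, pid=pid, comm=comm))
    return out


def unexpected_outbound(sockets, proc_fds, allowed):
    """Outbound connections owned by programs outside the allow-list."""
    return [c for c in attribute_to_process(outbound_sockets(sockets), proc_fds)
            if c["comm"] not in allowed]


def read_live_proc_fds():
    """Build the pid -> (comm, inodes) table from a real /proc (Linux only;
    other users' fd links are readable only as root)."""
    table = {}
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            with open(f"/proc/{pid}/comm") as fh:
                comm = fh.read().strip()
            inodes = set()
            for fd in os.listdir(f"/proc/{pid}/fd"):
                m = re.fullmatch(r"socket:\[(\d+)\]", os.readlink(f"/proc/{pid}/fd/{fd}"))
                if m:
                    inodes.add(int(m.group(1)))
        except OSError:
            continue  # process exited or is not readable
        table[int(pid)] = (comm, inodes)
    return table


if __name__ == "__main__":
    socks = parse_proc_net_tcp(SAMPLE_PROC_NET_TCP)
    for c in unexpected_outbound(socks, SAMPLE_PROC_FDS, KNOWN_NETWORK_PROGRAMS):
        print(f"pid {c['pid']} ({c['comm']}) uid {c['uid']} "
              f"-> {c['remote'][0]}:{c['remote'][1]}")
```

On the constructed data the only flagged connection is the SYN_SENT from the hypothetical screensaver; the sshd listener and the sendmail session are left alone. Two caveats follow directly from the thread: this is a point-in-time snapshot, so a short-lived connection that opens and closes between two scans is missed (that is exactly the gap the poster's kernel-hook idea would close), and an allow-listed MTA does nothing against the objection quoted at the top, where a program simply hands its data to sendmail and never opens a socket of its own.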
