
Re: should I firewall an open port which isn't used? (was ... Re: Guide(s?) to backup philosophies)



>Well, not without getting root first.
>
>And making something listen that spawns a shell usable to gain further
>access is a big win. Keeping uploading PHP code to some vulnerable
>webserver will at some point be noticed. Uploading something spawning a
>shell once probably not.
>

When $someone hacked $somebigamericanwebhoster some years ago, $they first found a CMS that allowed online editing of its PHP code. $they were able to use that to run arbitrary shell commands. However, that thing had an edit history, so continuing to pass in new code produced a clearly visible log each time (in retrospect, $they could just have patched that away, but well...).

Uploading and starting ajaxterm, however, cost $them only two edits, and as it went listening on its own port without a firewall logging, $they had an interactive shell that could be configured to keep no record of anything.

(Not of any interest here, but $they then found a misconfigured NFS share that mapped all UIDs to root, keeping suid bits... use your imagination for the rest. But $they would not have found that without an interactive shell.)

-nik
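
A defender-side check for the situation this message describes, a new process listening on its own port with nothing logging it: compare the host's listening sockets against a known baseline. This is an added example, not part of the original post; the baseline port set and the sample `/proc/net/tcp` text are constructed, and the address decoding assumes a little-endian Linux host.

```python
import socket
import struct

# Constructed sample in /proc/net/tcp format (not taken from any real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1 0000000000000000 100 0 0 10 0
   1: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000    33        0 1002 1 0000000000000000 100 0 0 10 0
   2: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000   106        0 1003 1 0000000000000000 100 0 0 10 0
   3: 00000000:1F96 00000000:0000 0A 00000000:00000000 00:00000000 00000000    33        0 1004 1 0000000000000000 100 0 0 10 0
   4: 0A00000A:0050 0B00000A:C350 01 00000000:00000000 00:00000000 00000000    33        0 1005 1 0000000000000000 100 0 0 10 0
"""

TCP_LISTEN = "0A"            # kernel state code for a listening socket
BASELINE = {22, 80, 3306}    # hypothetical set of ports expected on this host


def listening_sockets(proc_text):
    """Return [(ip, port, uid)] for every IPv4 socket in LISTEN state."""
    found = []
    for line in proc_text.splitlines()[1:]:      # skip the header row
        fields = line.split()
        if len(fields) < 8 or fields[3] != TCP_LISTEN:
            continue                             # short line or not listening
        hex_ip, hex_port = fields[1].split(":")
        # The address is a 32-bit value in host byte order (little-endian assumed).
        ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
        found.append((ip, int(hex_port, 16), int(fields[7])))
    return found


def unexpected_listeners(proc_text, baseline_ports):
    """Return the listening sockets whose port is not in the baseline."""
    return [s for s in listening_sockets(proc_text) if s[1] not in baseline_ports]


if __name__ == "__main__":
    # On a real host, read /proc/net/tcp instead of the constructed sample.
    for ip, port, uid in unexpected_listeners(SAMPLE_PROC_NET_TCP, BASELINE):
        print(f"unexpected listener {ip}:{port} owned by uid {uid}")
```

Run periodically and alert on any output; the uid column shows which account started the listener, here the constructed web-server uid 33.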

