RE: [suse-security] Assuming closed box get attacked
To keep it simple, the only thing I do on the internet is to regularly ping a certain server to check its heartbeat.
If this is the only thing you do, and you do not run _anything_ else on this box that provides a service to the outside, thus no ftp, no smtp, nothing even, there is no one able from the outside to connect to your machine and you do not even need a packet filter. There is nothing to subvert at all.
I would think that I need a packet filter to hide myself against ping scanning (disable ICMP entirely) and to let all packets flow to (electrical example) ground without any response (nmap etc.), to be completely invisible. A packet filter should be helpful to filter packets that would compromise my TCP/IP stack. A packet that is filtered cannot hurt the stack!?
The only thing making a box like that insecure is possible physical access to it.
And what about protocols other than icmp, udp, tcp? Not ipx, smb etc., but routing protocols - I don't know exactly about those.
But then it would have some function if only to have you think that the box you ping is still online. However pinging a box does not mean that the services running on it are still working.
The ping traffic example was chosen to say that the box is quite on the internet and to prevent answers relating to http/ftp etc. attacks.
Now I have never heard of hijacking a ping session, let alone using it to create a buffer overflow and have that execute code that came with the ping response. Makes for a beautiful academic question of course if such a thing would be possible.
Me neither. But the "ping of death" is in afterglow.
Michael Appeldorn