LinuxQuestions.org
Old 03-11-2005, 01:10 PM   #1
chbin
Member
 
Registered: Mar 2005
Distribution: slackware-current
Posts: 379

Very curious

Assuming I do a complete internal port scan of my Linux box. Then turn off all listening services. Then even if I removed my firewall no one could hack my box. Is this correct?

All they could do is scan me, know that I'm actually there and see all ports closed. Nothing to connect to, and so I can't be hacked?

But they could launch some type of attack against my TCP/IP stack, and bring my computer down, correct? Ping of death or something like that. But still they can't hack my box, just annoy me. Is everything I'm saying correct?
 
Old 03-11-2005, 01:24 PM   #2
frieza
Senior Member
 
Registered: Feb 2002
Location: harvard, il
Distribution: Ubuntu 11.4,DD-WRT micro plus ssh,lfs-6.6,Fedora 15,Fedora 16
Posts: 3,101

No box is completely secure.
 
Old 03-11-2005, 01:32 PM   #3
chbin
Member
 
Registered: Mar 2005
Distribution: slackware-current
Posts: 379

Original Poster
frieza, you are kinda light on the words. Care to elaborate a little? Specifically with my logic and where it breaks down, if it does. Thanks.
 
Old 03-11-2005, 01:42 PM   #4
frieza
Senior Member
 
Registered: Feb 2002
Location: harvard, il
Distribution: Ubuntu 11.4,DD-WRT micro plus ssh,lfs-6.6,Fedora 15,Fedora 16
Posts: 3,101

Sorry... no matter how hard you try to secure your box, there will be someone out there who will find a hole in that security. The question is not that there is no way to make a box 100% hack proof, you can secure it to the point where it's not worth their time to try and hack you.
 
Old 03-11-2005, 01:56 PM   #5
PTrenholme
Senior Member
 
Registered: Dec 2004
Location: Olympia, WA, USA
Distribution: Fedora, (K)Ubuntu
Posts: 4,151

If you'd really like a "hack-proof" box, pull the Internet connection plug (because, otherwise, you've allowed data not produced by you to enter the box.)

Then place the box in a locked room, and unplug it from any power source.

This, I believe, would be totally secure. And, of course, totally useless.

My point: What, exactly, do you mean by "hack-proof?" Remember, most "hacks" (of Linux systems, not MS stuff) are done by "trusted users" who abuse their access privileges or just "give away" their password(s).

Even the original MULTICS system was certified only to level B, but that was "good enough" for the White House to use it for its mail system. (During Nixon's term in office.)
 
Old 03-11-2005, 02:01 PM   #6
chbin
Member
 
Registered: Mar 2005
Distribution: slackware-current
Posts: 379

Original Poster
Again, can I have specific details as to my argument? WHERE DOES MY LOGIC FROM MY FIRST POST FALL APART? Specific detail.

For example... something like "here is why your argument is faulty... if someone can attack my TCP/IP stack then they could create a buffer overflow turning a service on and then attack that service and so on and so on and so on..."

I just made that up. I don't think it's even remotely possible. So is the argument I put up in my first post indeed correct? I believe it to be so. Unless someone could give me a specific detailed reason as to why it falls apart?

I'm really not here to mess with anyone, I'm just trying to learn and would like some serious technical replies as to my argument. Thank you in advance to anyone who can enlighten me.
 
Old 03-11-2005, 02:17 PM   #7
slacky
Member
 
Registered: Feb 2004
Location: USA
Distribution: Debian
Posts: 174

Yes, you'd be pretty secure but could still be hacked through a hole in the TCP/IP stack. You could also be hacked through a client program on your end, e.g. web browser, email program, etc. Even if you have a firewall, who's to say there's not a security hole in that anyway?
 
Old 03-11-2005, 02:29 PM   #8
chbin
Member
 
Registered: Mar 2005
Distribution: slackware-current
Posts: 379

Original Poster
Good stuff slacky. Thanks. So my assumption is correct: with no services listening on any port, a hole in the TCP/IP stack would be the only thing to attack. Do you or anyone know of, or have you ever known there to be, a hole in the TCP/IP stack that would allow an attacker to gain access to my system? The attacker could of course bring your system down and annoy you, but could he actually gain access? I don't think so, am I correct?

And yes, absolutely, my web browser, email, and whatever other client program that listens on ports would temporarily increase my attack surface while they are running, but let's just put that aside for the moment and talk about the base system that I put forth in my argument. Good stuff though slacky. Anyone else have any technical comments about this post?
 
Old 03-11-2005, 03:09 PM   #9
chbin
Member
 
Registered: Mar 2005
Distribution: slackware-current
Posts: 379

Original Poster
Put a little more clearly. Assuming my first post is done then ...

Attack Surface = TCP/IP stack

There is absolutely nothing else there to be attacked. So that brings it down to one and only one question. Has there ever been a hole in the Linux TCP/IP stack that has been exploited to grant access to the system? Is it possible? Sure, anything is possible. And sure, they could attack the TCP/IP stack and crash the system. I don't care. More relevant is: has anyone ever found a way to gain access to the system through the Linux TCP/IP stack?
 
Old 08-05-2005, 09:29 AM   #10
frieza
Senior Member
 
Registered: Feb 2002
Location: harvard, il
Distribution: Ubuntu 11.4,DD-WRT micro plus ssh,lfs-6.6,Fedora 15,Fedora 16
Posts: 3,101

This thread is old... but slacky has a point... even with a firewall, that won't stop someone from exploiting a hole in, say, your web browser, IM client, or FTP client, etc... to install a trojan/backdoor of some sort, then just march in.

Last edited by frieza; 08-05-2005 at 09:40 AM.
 
Old 08-08-2005, 06:35 PM   #11
tkedwards
Senior Member
 
Registered: Aug 2004
Location: Munich, Germany
Distribution: Opensuse 11.2
Posts: 1,549

Quote:
Attack Surface = TCP/IP stack
Theoretically yes. But as soon as you start trying to do something with your computer you will have to start network-enabled services, for example the X server will be started to run any graphical apps. So unless you just want a pretty useless computer with just a kernel running, and nothing much else, you should configure a firewall.

Quote:
There is absolutely nothing else there to be attacked. So that brings it down to one and only one question. Has there ever been a hole in the Linux TCP/IP stack that has been exploited to grant access to the system? Is it possible? Sure, anything is possible. And sure, they could attack the TCP/IP stack and crash the system. I don't care. More relevant is: has anyone ever found a way to gain access to the system through the Linux TCP/IP stack?
I'd say there almost certainly would have been at some time in the past. I'm not sure that there have been any recently, i.e. in the last few years.
 
Old 08-08-2005, 07:17 PM   #12
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

There are also other types of attacks that don't require abuse of a service daemon. Things like ARP poisoning, routing table manipulation and other types of MITM attacks can all be used to compromise a system. They wouldn't do it by themselves; however, you could realistically imagine a scenario where a MITM attack is used to trick a user into revealing a sensitive username/password.
 
Old 08-08-2005, 08:25 PM   #13
primo
Member
 
Registered: Jun 2005
Posts: 542

A year ago, there was a serious and exploitable bug in netfilter that could be triggered if you were logging TCP options. These holes appear from time to time. Keep up to date with the latest vulnerabilities.

Don't underestimate the potential holes in web clients, archivers, graphics & multimedia programs. Don't run these things as root.
 
Old 08-08-2005, 10:42 PM   #14
Matir
Moderator
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Ubuntu
Posts: 8,507

If you run no services and keep your kernel up to date, you are reasonably safe. I, however, run a dedicated hardware firewall, as well as client firewalls, and keep kernels and software current. I'm still not 100% secure: you never can be. But most hackers will give up and move on to another, easier, target.
Quote:
When you're swimming in shark-infested waters with your friend, you don't have to outswim the shark. Just your friend.
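
The check the thread starts from (confirming that nothing is left listening, and noticing when something like the X server begins listening again) can be done locally by reading the kernel's socket tables instead of port scanning yourself. This is an added example, not part of any post above; it assumes a little-endian Linux host, and the sample table is constructed for illustration.

```python
import ipaddress
import os
import struct

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:1770 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201 1 0 100 0 0 10 0
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1307 1 0 100 0 0 10 0
   2: 0F02000A:D2F4 0A0200C0:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 2290 1 0 20 4 30 10 -1
"""

def decode_addr(hex_addr):
    """Each 32-bit word is printed in host byte order (little-endian assumed)."""
    raw = bytes.fromhex(hex_addr)
    words = struct.unpack(f">{len(raw) // 4}I", raw)
    return ipaddress.ip_address(struct.pack(f"<{len(words)}I", *words))

def listeners(text, proto):
    """Return (proto, ip, port, scope) for sockets that accept inbound traffic."""
    found = []
    # TCP: state 0A is LISTEN. UDP has no LISTEN; a bound, unconnected socket is 07.
    want = "0A" if proto.startswith("tcp") else "07"
    for line in text.splitlines()[1:]:            # skip the column header
        fields = line.split()
        if len(fields) < 4 or fields[3] != want:
            continue                              # e.g. 01 = established outbound
        addr_hex, port_hex = fields[1].split(":")
        ip = decode_addr(addr_hex)
        scope = "loopback" if ip.is_loopback else "network"
        found.append((proto, str(ip), int(port_hex, 16), scope))
    return found

def scan_proc(base="/proc/net"):
    """Collect listeners from the live tables that exist on this host."""
    out = []
    for proto in ("tcp", "tcp6", "udp", "udp6"):
        path = os.path.join(base, proto)
        if os.path.exists(path):
            with open(path) as fh:
                out += listeners(fh.read(), proto)
    return out

if __name__ == "__main__":
    live = os.path.exists("/proc/net/tcp")
    rows = scan_proc() if live else listeners(SAMPLE_TCP, "tcp")
    for proto, ip, port, scope in rows:
        print(f"{proto:5} {ip}:{port:<6} {scope}")
```

Rows marked `network` are reachable from other hosts unless a firewall blocks them; `loopback` rows are only reachable from the machine itself.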