Linux - Security: This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Assuming I do a complete internal port scan of my Linux box, then turn off all listening services. Then even if I removed my firewall, no one could hack my box. Is this correct?
All they could do is scan me, know that I'm actually there and see all ports closed. Nothing to connect to, and so I can't be hacked?
But could they launch some type of attack against my TCP/IP stack and bring my computer down, correct? Ping of death or something like that. But still they can't hack my box, just annoy me. Is everything I'm saying correct?
Sorry... no matter how hard you try to secure your box, there will be someone out there who will find a hole in that security. The question is not that there is no way to make a box 100% hack proof; you can secure it to the point where it's not worth their time to try and hack you.
If you'd really like a "hack-proof" box, pull the Internet connection plug (because, otherwise, you've allowed data not produced by you to enter the box.)
Then place the box in a locked room, and unplug it from any power source.
This, I believe, would be totally secure. And, of course, totally useless.
My point: What, exactly, do you mean by "hack-proof?" Remember, most "hacks" (of Linux systems, not MS stuff) are done by "trusted users" who abuse their access privileges or just "give away" their password(s).
Even the original MULTICS system was certified only to level B, but that was "good enough" for the White House to use it for its mail system. (During Nixon's term in office.)
Again, can I have specific details as to my argument? WHERE DOES MY LOGIC FROM MY FIRST POST FALL APART? Specific detail.
For example... something like "here is why your argument is faulty... if someone can attack my TCP/IP stack then they could create a buffer overflow turning a service on and then attack that service and so on and so on and so on..."
I just made that up. I don't think it's even remotely possible. So is the argument I put up in my first post indeed correct? I believe it to be so. Unless someone could give me a specific detailed reason as to why it falls apart?
I'm really not here to mess with anyone. I'm just trying to learn and would like some serious technical replies as to my argument. Thank you in advance to anyone who can enlighten me.
Yes, you'd be pretty secure but could still be hacked through a hole in the TCP/IP stack. You could also be hacked through a client program on your end, e.g. web browser, email program, etc. Even if you have a firewall, who's to say there's not a security hole in that anyway.
Good stuff slacky. Thanks. So my assumption is correct: with no services listening on any port, then a hole in the TCP/IP stack would be the only thing to attack. Do you or anyone know of, or have ever known there to be, a hole in the TCP/IP stack that would allow an attacker to gain access to my system? The attacker could of course bring your system down and annoy you, but could he actually gain access? I don't think so, am I correct?
And yes, absolutely my web browser, email, and whatever other client program that listens on ports would temporarily increase my attack surface while they are running, but let's just put that aside for the moment and talk about the base system that I put forth in my argument. Good stuff though slacky. Anyone else have any technical comments about this post?
Put a little more clearly. Assuming my first post is done then ...
Attack Surface = TCP/IP stack
There is absolutely nothing else there to be attacked. So that brings it down to one and only one question. Has there ever been a hole in the Linux TCP/IP stack that has been exploited to grant access to the system? Is it possible? Sure, anything is possible. And sure, they could attack the TCP/IP stack and crash the system. I don't care. More relevant is: has anyone ever found a way to gain access to the system through the Linux TCP/IP stack?
This thread is old... but slacky has a point... even with a firewall, that won't stop someone from exploiting a hole in, say, your web browser, IM client, or FTP client, etc., to install a trojan/backdoor of some sort, then just march in.
Theoretically yes. But as soon as you start trying to do something with your computer you will have to start network-enabled services, for example the X server will be started to run any graphical apps. So unless you just want a pretty useless computer with just a kernel running, and nothing much else, you should configure a firewall.
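The first post's procedure (scan, then turn off every listening service) and the point above about X and other network-enabled services both come down to one check: is anything still bound to a non-loopback address? The script below is an added example, not code from the thread; it parses text in the /proc/net/tcp layout (a constructed sample is embedded so it runs offline) and reports each LISTEN socket as loopback-only or EXPOSED. It handles IPv4 TCP only; /proc/net/tcp6 and /proc/net/udp use the same layout and can be fed the same way.

```shell
#!/bin/sh
# Added example (not from the thread): verify the "nothing is listening" claim by
# parsing /proc/net/tcp-format text. Real use: listening_sockets < /proc/net/tcp

# Constructed sample in /proc/net/tcp layout. st 0A is LISTEN; IPv4 addresses are
# little-endian hex (0100007F = 127.0.0.1, 00000000 = all interfaces).
SAMPLE_PROC_NET_TCP='  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12346 1 0000000000000000 100 0 0 10 0
   2: 00000000:1770 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 12347 1 0000000000000000 100 0 0 10 0
   3: 0A000002:B3E4 5DB8D822:01BB 01 00000000:00000000 02:00000A9C 00000000  1000        0 12348 2 0000000000000000 20 4 30 10 -1'

# listening_sockets: read /proc/net/tcp format on stdin and print one line per
# LISTEN socket as "<scope> <ip>:<port> uid=<owner>", scope loopback or EXPOSED.
listening_sockets() {
  awk '
  function hex2dec(h,   i, n) {
    n = 0
    for (i = 1; i <= length(h); i++)
      n = n * 16 + index("0123456789ABCDEF", toupper(substr(h, i, 1))) - 1
    return n
  }
  # the kernel stores the address little-endian: 0100007F -> 127.0.0.1
  function hex2ip(h,   ip) {
    ip = hex2dec(substr(h, 7, 2)) "." hex2dec(substr(h, 5, 2))
    return ip "." hex2dec(substr(h, 3, 2)) "." hex2dec(substr(h, 1, 2))
  }
  NR > 1 && $4 == "0A" {
    split($2, a, ":")
    ip = hex2ip(a[1]); port = hex2dec(a[2])
    scope = (ip ~ /^127\./) ? "loopback" : "EXPOSED"
    print scope, ip ":" port, "uid=" $8
  }'
}

# exposed_listener_count: how many listeners are reachable from the network
exposed_listener_count() {
  listening_sockets | grep -c '^EXPOSED'
}

# check_no_exposed_listeners: succeeds only when the attack surface really is
# just the TCP/IP stack, i.e. no socket is bound outside loopback.
check_no_exposed_listeners() {
  [ "$(exposed_listener_count)" -eq 0 ]
}
```

On the sample, port 631 on 127.0.0.1 is reported as loopback while sshd on 22 and an X server on 6000 bound to 0.0.0.0 are reported EXPOSED, so the check fails.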
Quote:
There is absolutely nothing else there to be attacked. So that brings it down to one and only one question. Has there ever been a hole in the Linux TCP/IP stack that has been exploited to grant access to the system? Is it possible? Sure, anything is possible. And sure, they could attack the TCP/IP stack and crash the system. I don't care. More relevant is: has anyone ever found a way to gain access to the system through the Linux TCP/IP stack?
I'd say there almost certainly would have been at some time in the past. I'm not sure that there have been any recently, i.e. in the last few years.
There are also other types of attacks that don't require abuse of a service daemon. Things like ARP poisoning, routing table manipulation and other types of MITM attacks can all be used to compromise a system. They wouldn't do it by themselves, however you could realistically imagine a scenario where a MITM attack is used to trick a user into revealing a sensitive username/password.
A year ago, there was a serious and exploitable bug in netfilter that could be triggered if you were logging TCP options. These holes appear from time to time. Keep up to date with latest vulnerabilities.
Don't underestimate the potential holes in web clients, archivers, graphics & multimedia programs. Don't run these things as root.
If you run no services and keep your kernel up to date, you are reasonably safe. I, however, run a dedicated hardware firewall, as well as client firewalls, and keep kernels and software current. I'm still not 100% secure: you never can be. But most hackers will give up and move on to another, easier, target.
Quote:
When you're swimming in shark-infested waters with your friend, you don't have to outswim the shark. Just your friend.