p2p, anonymity and security

Hewitt Tech hewitt_tech at comcast.net
Thu Mar 11 13:59:01 EST 2004


----- Original Message ----- 
From: <bscott at ntisys.com>
To: "Greater NH Linux User Group" <discuss at gnhlug.org>
Sent: Thursday, March 11, 2004 1:22 PM
Subject: Re: p2p, anonymity and security


> On Thu, 11 Mar 2004, at 12:04am, greg at freephile.com wrote:
> > So, my first question...Is a Linksys Router doing 'firewall' duty and NAT
> > easy to get past?
>
>   Absolutely.  But not through the vectors you think.
>
>   Those SOHO routers are pretty simple.  They do stateful tracking of TCP
> and UDP, and block anything incoming that you didn't originate.  For
> example, someone trying to telnet into the root shell you have running on
> TCP port 666 will be blocked.
>
>   It's the stuff you allow that is the problem.  You say you have forwarded
> some ports?  What ports?  What are you running on those ports?
>
>   For example: If you forward a port in for that root shell I mentioned,
> anyone who finds that can take over your computer.
>
>   You mention you've installed some software.  How trustworthy is this
> software?  If the software contains backdoors which grant remote access, it
> won't matter how strong your firewall is -- because you've explicitly told
> your firewall to allow the traffic.  Or maybe the software contains no
> deliberate exposures, but is so buggy that exploits are a dime a dozen.  Or
> maybe the design of the network protocol(s) it uses defeats your firewall.
> Or whatever.
>
>   I have encountered many situations where a network with a very good
> firewall is totally compromised by hostile software.  A firewall won't help
> if you download and install the attack vectors willingly.

You may recall within the last year or so a case where someone walked into a
Kinko's copy center and installed a keyboard logger on their public access
machines. In at least a couple of instances, Kinko's customers were using
GoToMyPC software thinking that they could securely access their systems at
the office or home. Unfortunately the keyboard logger trapped the account,
account password, and server password as they were being entered for access
to the GoToMyPC servers.

The guy was caught but not before he managed to perpetrate a fair bit of
identity theft. So the moral is that even relatively secure setups such as
used by GoToMyPC can be compromised by a trojan. Firewalls have pretty much
no defense against this kind of exploit.

-Alex

P.S. The keyboard logger was cleaned off the Kinko's systems but only after
the exploit had been uncovered.

>
> -- 
> Ben Scott <bscott at ntisys.com>
> | The opinions expressed in this message are those of the author and do  |
> | not represent the views or policy of any other person or organization. |
> | All information is provided without warranty of any kind.              |