Date:      Fri, 31 Aug 2001 15:29:43 -0500
From:      Eric Anderson <anderson@centtech.com>
To:        Not Going to Tell You <luckywolf19@hotmail.com>
Cc:        security@freebsd.org
Subject:   Re: Possible New Security Tool For FreeBSD, Need Your Help.
Message-ID:  <3B8FF3B7.39F7646E@centtech.com>
References:  <F229QdSe9g4pXX50yki00001102@hotmail.com>

I guess what I meant by tight was that you would only allow packets from
known trusted IPs (like the ones you would be coming from) and deny
all to everyone else.  Of course someone could spoof your IP, but they
would have a hard time finding out that IP.  The comment on sniffing was
to cover the bases, not to say it happens all the time, but you can't
rule things out on the basis that "99.9% of all hackers".. that's a bad
mentality to have when dealing with security issues I think..  It's a
good idea, I'm just asking what benefit it gives you over a strict
ipfilter list?

Also, would you have a "client" tool to use to do this? if it was
software that did it, wouldn't it be better to do a LOT of ports, in a
certain order, etc?  Like 100-200?  5 is way too few to make it
unhackable.  By the way, guessing key sequences isn't hard, it's simple,
it just takes time, and that's something that computers have a lot of. 
Yes, it would take a long time, but it could do it.. I'm just saying it
could be a false security.  

Why not do something that's based on time?  Like, sshd (or anything you
want) will be at port X at time Y depending on Z (where Z is a 'salt'
kind of thing you define). So, using an algorithm with X, Y, and Z, and
the time, your server and client use the same calculations to find what
X will be at a given Y.  You would just need your clocks synced.  This
isn't perfect either, just more stuff to throw in to the mess. :)

Eric


Not Going to Tell You wrote:
> 
> First, I stated that the only port that would be open would be the port 80
> http. And it is assumed that I would have already had a tight box with
> strict rules. But even tight boxes still show which ports are opened.
> 
> As for guessing the key sequence.. I doubt it, if the program was able to
> tell if port scanning was taking place. And do not forget the timer.
> 
> As for sniffing, well 99.9% of all the hackers that I have seen come from
> the Internet, where would they put the sniffer?
> 
> Lucky
> 
> >From: Eric Anderson <anderson@centtech.com>
> >Reply-To: anderson@centtech.com
> >To: Not Going to Tell You <luckywolf19@hotmail.com>
> >CC: security@freebsd.org
> >Subject: Re: Possible New Security Tool For FreeBSD, Need Your Help.
> >Date: Fri, 31 Aug 2001 14:40:05 -0500
> >
> >it wouldn't be too hard to randomly try these until you got the "key",
> >or even just sniff the traffic (assuming you have that access) and
> >replicate it.. this doesn't sound like a benefit to me.. good thinking,
> >but I'm not sure how it's different from having a nice and tight box
> >with strict ipfilter rules and/or tcpwrappers running..
> >
> >Eric
> >
> >
> >Not Going to Tell You wrote:
> > >
> > > Sorry for the blank e-mail.
> > >
> > > I have an idea, maybe you either know if it is already been done or you
> > > can help me write this software:
> > >
> > > What if I would scan 5 ports in a defined order, within a defined period
> > > of time on my remote box. A program on the box would recognize these 5 port
> > > scans as a "Key" from a remote user to open a port or to activate
> > > another software.
> > >
> > > Why would this be good?
> > > I could close all the ports on my box except those needed to provide a
> > > service (i.e. port 80), however, how can I remote manage it? So then I
> > > would have to open a sshd port also. But this leads to a potential security
> > > problem when scanned by a hacker. So, what if I had a program that sent
> > > a type of "Key" to the box and the box recognized that the key sequence
> > > order was from me, then opened the sshd port.  After I was finished with the
> > > sshd session, I would run another program to close the port behind me?
> > >
> > > Any thoughts and help is welcomed.
> > >
> > > Lucky
> > >
> >
> 

-- 
-------------------------------------------------------------------------------
Eric Anderson   anderson@centtech.com    Centaur Technology    (512) 418-5792
Truth is more marvelous than mystery.
-------------------------------------------------------------------------------

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
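A sketch of the time-based scheme Eric proposes, added here as an illustration and not code from the thread: server and client derive port X from salt Z and time Y with the same function, and the server tolerates one interval of clock skew, which is the "clocks synced" caveat. The HMAC-SHA256 derivation, the 20000-60000 port range and the five-minute interval are my assumptions.

```python
import hashlib
import hmac
import time

# Assumptions for this illustration (not stated in the thread): the moving
# service lives in a high unprivileged range and the port is recomputed
# every INTERVAL seconds.
PORT_LOW = 20000
PORT_HIGH = 60000
INTERVAL = 300  # seconds a port assignment stays valid


def port_for(salt: bytes, epoch_seconds: int, interval: int = INTERVAL) -> int:
    """Derive port X from salt Z and time Y; both ends run this same function.

    The time is coarsened to a window number so that client and server agree
    as long as their clocks fall inside the same interval.
    """
    window = int(epoch_seconds) // interval
    msg = window.to_bytes(8, "big", signed=True)
    mac = hmac.new(salt, msg, hashlib.sha256).digest()
    return PORT_LOW + int.from_bytes(mac[:4], "big") % (PORT_HIGH - PORT_LOW)


def server_accepts(salt: bytes, now: int, claimed_port: int,
                   skew_windows: int = 1, interval: int = INTERVAL) -> bool:
    """Server side: is claimed_port valid for the current window or a neighbour?

    Tolerating +/- skew_windows covers the clock-sync caveat: a client a
    couple of minutes off is still admitted, one far off is not.
    """
    window = int(now) // interval
    for w in range(window - skew_windows, window + skew_windows + 1):
        if port_for(salt, w * interval, interval) == claimed_port:
            return True
    return False


if __name__ == "__main__":
    salt = b"constructed-shared-secret"      # Z, shared out of band (constructed)
    client_clock = int(time.time()) + 120    # client is two minutes fast
    port = port_for(salt, client_clock)      # client picks where to connect
    print("client connects to port", port)
    print("server accepts:", server_accepts(salt, int(time.time()), port))
```

Without Z the schedule is unpredictable, but the port that is open during a given interval is still visible to anyone who scans it then, which is the "isn't perfect either" point in the message above.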