Security Basics mailing list archives
RE: Roger's last comment on changing Port defaults
From: "David Gillett" <gillettdavid () fhda edu>
Date: Mon, 24 Jan 2005 10:16:15 -0800
Imagine a house whose outside walls were nothing but doors-after-doors, wall-to-wall, corner to corner. Most fake, and only one real one. On a normal house, thief tries front or back door (or breaks window) to enter house (or uses some other vector). He still has to try a key, pick it, or bust down the correct door when he finds it.

Not quite a good analogy in this case. A thief would normally recon the area and determine the suitable target. Say, he selects your house. Seeing that many doors, he wouldn't know which one to break or open. But like I mentioned, he would do a reconnaissance. Check out who goes in and comes out and from which door. Then he'd concentrate his efforts on that particular door.

A (slightly) clever thief will go for the door with the worn path leading to it. At first glance, that doesn't analogize well to the digital world, but in practice renumbered service ports are sometimes made easier to use by the implementation of service-location or redirection services which make the intruder's job just as easy. (Renaming the administrator account doesn't achieve much if you still permit anonymous enumeration of accounts, for instance.)

--

Much mention has been made in this thread of the Slammer worm. It's easy to forget that many victims were utterly unaware that they had authorized Microsoft -- or had authorized someone else to authorize Microsoft! -- to build an SQLserver wing onto their house. They'd no idea that that (unlocked) door *existed*, let alone whether anything (besides the worm) would break if they reconfigured its port number.

David Gillett

Current thread:
- Roger's last comment on changing Port defaults Roger A. Grimes (Jan 20)
- Re: Roger's last comment on changing Port defaults cc (Jan 24)
- RE: Roger's last comment on changing Port defaults David Gillett (Jan 24)
- Re: Roger's last comment on changing Port defaults yonesy (Jan 24)
- Re: Roger's last comment on changing Port defaults cc (Jan 24)