What do net attackers look for?

Kristian Erik Hermansen kristian.hermansen-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Wed Feb 13 22:42:07 UTC 2008


On Feb 13, 2008 2:30 PM, Mike Oliver <moliver-fC0AHe2n+mcIvw5+aKnW+Pd9D2ou9A/h at public.gmane.org> wrote:
> I don't really want to know all the gory details.  I'm mostly interested
> in the answer to the direct question:  If an attacker can guess your password
> and your firewall is off, but you haven't turned on any of the obvious
> daemons, what is the risk level?

It depends if you are talking about known vulnerabilities or unknown
vulnerabilities :-)  There is always the possibility of remote kernel
vulnerabilities, and in such a case, the remote attacker doesn't need to
know any passwords.  The rule in security is to assume everything is
bad and only accept what you know is good.  So, block everything in
your firewall, then accept what you need.  A common misconception is
that if you do not have an IPv6 network, then you don't need IPv6
filtering.  This is not the case.  Many attackers commonly exploit
this misconception and get all sorts of details about your servers.
If they have a private flaw, they may utilize IPv6 to sneak the
payload in under your firewall rules.

So, block everything, and poke holes for what you need...
-- 
Kristian Erik Hermansen
"Know something about everything and everything about something."
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
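
Added example, not part of the original post: a small audit for the IPv6 gap described in the message above, comparing `iptables -S` and `ip6tables -S` output to confirm both address families are default-deny and that IPv6 opens no port IPv4 does not. The rule dumps are constructed sample data, and the function names (`parse`, `default_deny`, `audit`) are hypothetical.

```python
# Constructed `iptables -S` / `ip6tables -S` dumps (sample data, not from the post).
IPV4_RULES = """\
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
"""
IPV6_OPEN = """\
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
"""
IPV6_FILTERED = """\
-P INPUT ACCEPT
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -j DROP
"""

def parse(dump):
    """Return (policy per chain, last rule per chain, ports accepted on INPUT)."""
    policy, last, ports = {}, {}, set()
    for tok in (line.split() for line in dump.splitlines()):
        if len(tok) == 3 and tok[0] == "-P":
            policy[tok[1]] = tok[2]
        elif len(tok) >= 4 and tok[0] == "-A":
            last[tok[1]] = tok[2:]  # rule body after "-A CHAIN"
            if tok[1] == "INPUT" and tok[-1] == "ACCEPT" and "--dport" in tok:
                ports.add(tok[tok.index("--dport") + 1])
    return policy, last, ports

def default_deny(policy, last, chain):
    """True if the policy is DROP or the final rule drops/rejects unconditionally."""
    tail = last.get(chain, [])
    return policy.get(chain) == "DROP" or (tail[:1] == ["-j"] and tail[1] in ("DROP", "REJECT"))

def audit(v4_dump, v6_dump):
    """List findings where a family is not default-deny or IPv6 has extra holes."""
    (p4, l4, ports4), (p6, l6, ports6) = parse(v4_dump), parse(v6_dump)
    findings = []
    for fam, pol, last in (("IPv4", p4, l4), ("IPv6", p6, l6)):
        for chain in ("INPUT", "FORWARD"):
            if not default_deny(pol, last, chain):
                findings.append(f"{fam} {chain}: not default-deny")
    findings += [f"IPv6 accepts port {p} that IPv4 does not" for p in sorted(ports6 - ports4)]
    return findings
```

On a live host the two arguments would be the captured output of `iptables -S` and `ip6tables -S`; an empty list means both families block by default and the IPv6 holes are a subset of the IPv4 ones.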
