What do net attackers look for?

Mike Oliver moliver-fC0AHe2n+mcIvw5+aKnW+Pd9D2ou9A/h at public.gmane.org
Wed Feb 13 23:20:58 UTC 2008


Quoting Kristian Erik Hermansen <kristian.hermansen-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org>:

> It depends if you are talking about known vulnerabilities or unknown
> vulnerabilities :-)  There is always the possibility of remote kernel
> vulnerabilities, and in such a case, the remote attack doesn't need to
> know any passwords.  The rule in security is to assume everything is
> bad and only accept what you know is good.  So, block everything in
> your firewall, then accept what you need.  A common misconception is
> that if you do not have an ipv6 network, then you don't need ipv6
> filtering.  This is not the case.  Many attackers commonly exploit
> this misconception and get all sorts of details about your servers.
> If they have a private flaw, they may utilize ipv6 to sneak the
> payload in under your firewall rules.
>
> So, block everything, and poke holes for what you need...

Good advice, which I follow.  As I say, my ipv6 filtering is not so
much filtering as it is total blocking, because I don't know enough about
ipv6 to write rules about which I feel confident.  What I want to know is,
suppose it was open for five or ten minutes during setup, and suppose I used
an old password that someone might conceivably have had on record waiting for
an opportunity to use it.  Would you reinstall for that?

--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
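
The IPv6 point in the quoted advice, as an added example that is not part of the original thread: a Python check over `iptables-save` and `ip6tables-save` output that reports any INPUT or FORWARD chain that is not default-deny. The two rulesets are constructed samples, and the function names are this example's own.

```python
import re

# Constructed samples in iptables-save / ip6tables-save format (not from the thread).
# V6_SAVE is the untouched kernel default: every policy ACCEPT, no rules.
V4_SAVE = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""
V6_SAVE = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
"""
POLICY = re.compile(r"^:(\S+)\s+(\S+)\s+\[\d+:\d+\]$")

def parse_filter(save_text):
    """Return ({chain: policy}, [rule lines]) for the filter table only."""
    policies, rules, table = {}, [], None
    for line in save_text.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]
        elif table == "filter":
            m = POLICY.match(line)
            if m:
                policies[m.group(1)] = m.group(2)
            elif line.startswith("-A "):
                rules.append(line)
    return policies, rules

def audit(family, save_text):
    """List chains where unsolicited traffic is not dropped by default."""
    policies, rules = parse_filter(save_text)
    findings = []
    for chain in ("INPUT", "FORWARD"):
        policy = policies.get(chain, "ACCEPT")  # nothing loaded means ACCEPT
        # A bare trailing "-j DROP" / "-j REJECT" rule also counts as default-deny.
        last = [r for r in rules if r.startswith(f"-A {chain} ")][-1:]
        catch_all = bool(last) and last[0].split()[2:] in (["-j", "DROP"], ["-j", "REJECT"])
        if policy != "DROP" and not catch_all:
            findings.append(f"{family} {chain}: policy {policy}, no catch-all drop")
    return findings
```

On a live host, pass it the text printed by `iptables-save` and `ip6tables-save` run as root; an empty IPv6 ruleset is reported the same way as an explicit ACCEPT policy.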




