Subject: Re: Chinese downloads overloading my website
From: blockedofcourse (at) *nospam* foo.invalid (Don Y)
Newsgroups: sci.electronics.design
Date: 20 Mar 2024, 17:52:32
Organization: A noiseless patient Spider
Message-ID: <utf48m$1je0g$1@dont-email.me>
References: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
User-Agent : Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.2.2
On 3/20/2024 8:03 AM, Carlos E.R. wrote:
> On 2024-03-15 16:55, Peter wrote:
>>
>> "Carlos E.R." <robin_listas@es.invalid> wrote:
>>
>>> Port knocking ;)
>>
>> I was thinking of using a high port. I do that.
>>
>> The sniffer will find any port # in a few more seconds...
>
> Actually it takes longer than that. So far, no hits; and I would notice when someone tries to log in on ssh.
Why would an attacker try to breach a secure protocol -- hoping
you have enabled it without any protections??
A port scanner just needs to see if it gets a response from
a particular port, not whether or not it can invoke a particular
protocol on that port. Even "refusing the connection" tells the
scanner that there is a host at that IP.
Simple exercise: go to another host and just TRY to open a
connection to port 22 (sshd) or 23 (telnetd). Don't try to
login. What do you see on the server concerning this
activity?
You can learn a lot about the host, OS, etc. just from watching how
it reacts to connections and connection attempts (e.g., how it
assigns sequence numbers, which ports are open "by default", etc.)
> Of course, one can defend the fort from casual attackers, not from determined attackers; those will eventually find a way.
Only if they sense potential value beyond what they can get
for less effort, elsewhere. With all of the casual hosts out there,
(especially those folks who don't realize their security risks)
it's silly to waste resources trying to get to one that poses any
sort of obstacle.
And, if you don't KNOW that there is a machine at that IP, then
what's your attack strategy? Just push packets down a black hole
and *hope* there is something there, listening (but ignoring)?
What do you do if I just hammer away at your IP even KNOWING that
you've got all your ports closed? Any *legitimate* traffic
can't get through (including replies to your outbound requests)
because I am saturating your pipe. What can you do to *stop* me
from doing this?
[The same sort of logic applies to "hidden" diagnostic ports
in devices. If I keep pushing bytes into a "debug" UART, I
consume system resources at a rate that *I* control. Was your
firmware designed to handle this possibility? Or, did you
assume only "authorized technicians" would use said port and
only in benevolent ways?]
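The "simple exercise" in the post (open a connection to port 22 or 23, do not log in, see what the other side learns) as an added example that is not code from the original post or its authors: a TCP connect probe that only attempts the handshake and then classifies the port by how the target's stack answered. Function names, the loopback demo and the constructed `sample_outcomes()` are all this example's own assumptions; the only things taken from the post are the idea and the two port numbers.

```python
"""TCP connect probe: what a scanner learns without speaking any protocol.

Added example, not part of the original post. It attempts only the TCP
handshake and never sends a byte of SSH or Telnet. The classification is
the point: a "connection refused" (RST) proves a live host just as well
as an open port does; only silence leaves the scanner unsure.
"""
import errno
import socket

OPEN, CLOSED, FILTERED, UNREACHABLE = "open", "closed", "filtered", "unreachable"


def classify(outcome):
    """Map the result of connect() to what it reveals about the target.

    outcome is None when connect() succeeded, else the exception it raised.
      open        SYN/ACK came back: something listens (no login attempted)
      closed      RST came back: nothing listens, but a host is definitely there
      filtered    no answer before the timeout: a firewall dropped the SYN,
                  or there is no host at all; the scanner cannot tell which
      unreachable the local stack or a router reported "no route", which
                  says nothing about the target itself
    """
    if outcome is None:
        return OPEN
    if isinstance(outcome, ConnectionRefusedError):
        return CLOSED
    if isinstance(outcome, (socket.timeout, TimeoutError)):
        return FILTERED
    if isinstance(outcome, OSError) and outcome.errno in (
        errno.EHOSTUNREACH, errno.ENETUNREACH
    ):
        return UNREACHABLE
    raise outcome  # anything else is a local error, not a scan result


def probe(host, port, timeout=2.0):
    """Try one TCP handshake to host:port and return the classification."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        outcome = None
    except OSError as e:
        outcome = e
    finally:
        s.close()  # FIN/RST only; the application protocol never starts
    return classify(outcome)


def scan(host, ports, timeout=2.0):
    """Probe several ports on one host."""
    return {p: probe(host, p, timeout) for p in ports}


def host_is_up(results):
    """True if any port answered at all (SYN/ACK or RST) - one is enough."""
    return any(r in (OPEN, CLOSED) for r in results.values())


def sample_outcomes():
    """Constructed connect() results (not captured from a real scan) so
    classify() can be exercised without touching the network."""
    return {
        "listening": None,
        "rst": ConnectionRefusedError(errno.ECONNREFUSED, "Connection refused"),
        "silence": TimeoutError("timed out"),
        "no_route": OSError(errno.EHOSTUNREACH, "No route to host"),
    }


def demo_loopback():
    """Offline demonstration: a listener on 127.0.0.1 shows as open, and the
    same port shows as closed (RST, host still confirmed) once it is gone."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # kernel picks a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    while_listening = probe("127.0.0.1", port)
    listener.close()
    after_close = probe("127.0.0.1", port)
    return while_listening, after_close


if __name__ == "__main__":
    print(demo_loopback())  # expected: ('open', 'closed')
    # 22 and 23 are the ports named in the post; only probe hosts you own
    results = scan("127.0.0.1", [22, 23])
    print(results, "host confirmed:", host_is_up(results))
```

Run it against your own server and then look at the server's side: sshd logs nothing for a handshake that is closed before the banner exchange, so the only record of the probe is in the firewall or packet capture, which is exactly why "I would notice a login attempt" is the wrong thing to watch for.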