From: Don Y <blockedofcourse@foo.invalid>
Newsgroups: sci.electronics.design
Subject: Re: Chinese downloads overloading my website
Date: Wed, 20 Mar 2024 09:52:32 -0700
Organization: A noiseless patient Spider
Message-ID: <utf48m$1je0g$1@dont-email.me>
In-Reply-To: <rfarckxnmm.ln2@Telcontar.valinor>

On 3/20/2024 8:03 AM, Carlos E.R. wrote:
> On 2024-03-15 16:55, Peter wrote:
>>
>> "Carlos E.R." <robin_listas@es.invalid> wrote:
>>
>>>> Port knocking ;)
>>>
>>> I was thinking of using a high port. I do that.
>>
>> The sniffer will find any port # in a few more seconds...
>
> Actually it takes longer than that. So far, no hits; and I would notice when
> someone tries to login on ssh.

Why would an attacker try to breach a secure protocol -- hoping you have enabled it without any protections??
A port scanner just needs to see if it gets a response from a particular port, not whether or not it can invoke a particular protocol on that port. Even "refusing the connection" tells the scanner that there is a host at that IP.

Simple exercise: go to another host and just TRY to open a connection to port 22 (sshd) or 23 (telnetd). Don't try to login. What do you see on the server concerning this activity?

You can learn a lot about the host, OS, etc. just from watching how it reacts to connections and connection attempts (e.g., how it assigns sequence numbers, which ports are open "by default", etc.)

> Of course, one can defend the fort from casual attackers, not from determined
> attackers; those will eventually find a way.

Only if they sense potential value beyond what they can get for less effort, elsewhere. With all of the casual hosts out there (especially those folks who don't realize their security risks), it's silly to waste resources trying to get to one that poses any sort of obstacle.

And, if you don't KNOW that there is a machine at that IP, then what's your attack strategy? Just push packets down a black hole and *hope* there is something there, listening (but ignoring)?

What do you do if I just hammer away at your IP even KNOWING that you've got all your ports closed? Any *legitimate* traffic can't get through (including replies to your outbound requests) because I am saturating your pipe. What can you do to *stop* me from doing this?

[The same sort of logic applies to "hidden" diagnostic ports in devices. If I keep pushing bytes into a "debug" UART, I consume system resources at a rate that *I* control. Was your firmware designed to handle this possibility? Or, did you assume only "authorized technicians" would use said port and only in benevolent ways?]
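The exercise above (connect to sshd, don't log in) leaves a trace on the server that a "watch for login attempts" monitor never sees: OpenSSH logs it as a pre-auth event, not as a failed login. The script below is an added example, not code from anyone in the thread; it counts sshd's pre-auth messages separately from failed logins over a constructed auth.log excerpt, so a source that only probes the port is still surfaced.

```python
import re
from collections import defaultdict

# Constructed sample auth.log excerpt (not from the thread). A bare TCP connect
# that never speaks SSH, and a client that hangs up before authenticating, are
# logged by sshd as pre-auth events rather than as login attempts.
SAMPLE_LOG = """\
Mar 20 09:40:01 host sshd[1201]: Did not receive identification string from 203.0.113.5 port 51234
Mar 20 09:40:02 host sshd[1202]: Connection closed by 203.0.113.5 port 51236 [preauth]
Mar 20 09:41:15 host sshd[1210]: Failed password for invalid user admin from 198.51.100.7 port 40022 ssh2
Mar 20 09:41:17 host sshd[1210]: Failed password for invalid user admin from 198.51.100.7 port 40022 ssh2
Mar 20 09:42:00 host sshd[1220]: Did not receive identification string from 203.0.113.5 port 51240
Mar 20 09:43:30 host sshd[1230]: Accepted publickey for carlos from 192.0.2.10 port 50000 ssh2: ED25519 SHA256:CONSTRUCTED
"""

# Pre-auth events: the peer connected but never completed (or never started) the SSH handshake.
PROBE_RE = re.compile(
    r"sshd\[\d+\]: (?:Did not receive identification string from|Connection closed by) "
    r"(\S+) port \d+"
)
# Genuine authentication failures: all that a "failed login" monitor would ever see.
FAILED_RE = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port \d+")


def classify_sshd_events(log_text):
    """Count pre-auth probes and failed logins per source address."""
    counts = defaultdict(lambda: {"probes": 0, "failed_logins": 0})
    for line in log_text.splitlines():
        m = PROBE_RE.search(line)
        if m:
            counts[m.group(1)]["probes"] += 1
            continue
        m = FAILED_RE.search(line)
        if m:
            counts[m.group(1)]["failed_logins"] += 1
    return dict(counts)


def silent_probers(counts):
    """Sources that touched sshd but never tried to log in: the scanner's footprint."""
    return sorted(ip for ip, c in counts.items()
                  if c["probes"] > 0 and c["failed_logins"] == 0)


if __name__ == "__main__":
    summary = classify_sshd_events(SAMPLE_LOG)
    for ip, c in sorted(summary.items()):
        print(f"{ip:15} probes={c['probes']} failed_logins={c['failed_logins']}")
    print("silent probers:", silent_probers(summary))
```

On the sample, 203.0.113.5 produces three pre-auth events and zero failed logins, so it is reported as a silent prober while the brute-forcer 198.51.100.7 is not.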