Re:This is the last time I'm explaining it to you.
on
Hardening Linux
·
· Score: 1
It's not like either unplugging a network cable or routing through the ISP first are going to open up more ports on the machine the attacker would be targeting; those things can only filter ports. The worst case scenario is that the attacker sees that the machine has all the ports open listed as output in nmapping your network assigned IP.
Re:This is the last time I'm explaining it to you.
on
Hardening Linux
·
· Score: 1
How do you keep getting modded up? What you're saying is false. You obviously know nothing about networking.
Notice how, as I become more and more "public", less and less ports show. An attacker will only see what I get back when I nmap my box's hostname. When I nmap my LAN IP, more ports show, but not as many as show when I nmap localhost. On my router, I employ port forwarding, so nmapping my public IP of course shows fewer ports open. The 6112/tcp filtered dtspc port listing shown when nmapping my public IP is from my router. But this is STILL WHAT AN ATTACKER WOULD SEE. I don't know how I can provide more of an exact example than this, but what you're saying is just false, newb.
Everything on slashdot turns into a flamewar because there are a bunch of little kids like you that don't know wtf they're talking about, and then this banter persists, even though my original post was perfectly accurate. This isn't a pissing contest, you're giving out bad information, and then somehow being modded up for it. Maybe your posts keep getting marked as informative because the person giving you mod points didn't know about this, and has for some reason adopted your points as fact, but in doing has simply helped spread your false ideas of how the world works.
The bottom line is, if you nmap the IP address that an attacker will try to exploit, you will see what he sees, unless there is a firewall that restricts access to a range of IPs including the attacker's and not your own.
It's not like his machine sees something different when he runs `nmap ###########.com`, not unless my last statement is true.
vic@localhost ~ $ nmap localhost
Starting Nmap 4.20 ( http://insecure.org/ ) at 2007-08-12 16:22 EDT
Interesting ports on localhost (127.0.0.1):
Not shown: 1691 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
111/tcp open rpcbind
631/tcp open ipp
2049/tcp open nfs
3306/tcp open mysql
Nmap finished: 1 IP address (1 host up) scanned in 0.172 seconds vic@localhost ~ $ nmap 192.168.1.2
Starting Nmap 4.20 ( http://insecure.org/ ) at 2007-08-12 16:22 EDT
Interesting ports on 192.168.1.2:
Not shown: 1692 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
111/tcp open rpcbind
631/tcp open ipp
2049/tcp open nfs
Nmap finished: 1 IP address (1 host up) scanned in 0.175 seconds vic@localhost ~ $ nmap ###########.com
Starting Nmap 4.20 ( http://insecure.org/ ) at 2007-08-12 16:22 EDT
Interesting ports on ###########.com (###########):
Not shown: 1694 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
6112/tcp filtered dtspc
Nmap finished: 1 IP address (1 host up) scanned in 13.222 seconds
But we're discussing identifying which services are bound to which socket device from an attacker's perspective. Getting a list of services is trivial, and could be accomplished with netstat -a, but this gives a bunch of information that isn't always relevant or accurate from a network perspective of looking in on a machine (although much of the information is usually the same.)
The only case where this would not be true is if there were an intermediate firewall between her PC and her ISP, this firewall filtered access by source address, and her own IP was not in the source address list. This case is rare, and would also imply that the attacker would have means to spoof the address sent to the firewall. In general though, when there isn't a firewall between a PC and a mere cable modem, this will never be the case.
You don't understand. Obviously, her PC could access her own IP address (the one assigned by her ISP.) Therefore, her PC could access itself via the exact same interface that an attacker would use, as they both would hit that IP address.
nmap localhost
is not the same thing as:
nmap 77.120.22.135 # her ISP provided IP address
Running nmap on those two IP addresses yields different results. The latter will show exactly what an attacker would see. When a service is bound to an IP on a machine, it has a choice of which IP to bind to. Services accessible by the connection on her eth0 network device (or any other device, for that matter) can be viewed by nmapping the network IP associated with that device. If her cable modem filtered traffic or ports, the list given by nmap would still be accurate, as any filtered ports would come back either as filtered or closed.
The IP address you run nmap on is bound to a different interface altogether. If you run it on the IP of the interface an attacker will access, you will see what the attacker sees. As such, going to a different machine is still superfluous. You're giving misinformation by trying to say it's not.
Re:That's a good point. Thanks.
on
Hardening Linux
·
· Score: 1
I think you missed my point -- you can see what an attacker would see from the local machine, by nmapping the network IP. Going to a different machine is superfluous.
Re:Dude, that article sucked.
on
Hardening Linux
·
· Score: 1
Did you see where it mentioned nmap? No? Because it didn't. Wouldn't you expect it to tell you to run nmap from a different machine to you can what your outside profile looks like? Actually, you can run nmap from the local machine, as long as you target an IP of the machine that is accessible via the network (often 0.0.0.0, 192.x.x.x, 10.x.x.x, or an internet IP,) it will give you the same list of open ports as if you were running it from a different machine. It is often useful to run it locally, anyway, so that you can compare the output of `nmap localhost` and `nmap 0.0.0.0`, as often a machine will have services running that are only accessible locally.
Maybe this is related to Bill Gates' recent comments, saying he dares someone to do to Microsoft what has recently happened with OS X and zero-days. Careful what you wish for.
http://apple.slashdot.org/article.pl?sid=07/02/02/ 1940232
There already exists a consistent devotion to high quality software, otherwise people wouldn't write open source software in their spare time.
Applying standards to quality levels could prove tedious to existing and future project maintainers as it's one more thing to add to and worry about in the design and implementation stages. What besides the GUI could be regulated? Code efficiency? Documentation? Those things are already done sufficiently. If those things weren't already done sufficiently, people would not use or contribute to the project.
Actually the article said nothing about the moon seeming to have a smooth surface. It said the moon could have huge mountains and valleys, or be perfectly flat. It said that at this time there was no way to tell.
Dr. Jessica Bayliss of the Rochester Institute of Technology does plenty of research on brain-computer interfaces, it's one of her interests. More information here:
I think you're forgetting that the Y project was put back into motion. The goals of that project already overcome those of the current X. With enough effort the Y project could take over if needed.
Slashdot Mirror
It's not like either unplugging a network cable or routing through the ISP first are going to open up more ports on the machine the attacker would be targeting; those things can only filter ports. The worst case scenario is that the attacker sees that the machine has all the ports open listed as output in nmapping your network assigned IP.
How do you keep getting modded up? What you're saying is false. You obviously know nothing about networking.
Notice how, as I become more and more "public", less and less ports show. An attacker will only see what I get back when I nmap my box's hostname. When I nmap my LAN IP, more ports show, but not as many as show when I nmap localhost. On my router, I employ port forwarding, so nmapping my public IP of course shows fewer ports open. The 6112/tcp filtered dtspc port listing shown when nmapping my public IP is from my router. But this is STILL WHAT AN ATTACKER WOULD SEE. I don't know how I can provide more of an exact example than this, but what you're saying is just false, newb.
Everything on slashdot turns into a flamewar because there are a bunch of little kids like you that don't know wtf they're talking about, and then this banter persists, even though my original post was perfectly accurate. This isn't a pissing contest, you're giving out bad information, and then somehow being modded up for it. Maybe your posts keep getting marked as informative because the person giving you mod points didn't know about this, and has for some reason adopted your points as fact, but in doing has simply helped spread your false ideas of how the world works.
The bottom line is, if you nmap the IP address that an attacker will try to exploit, you will see what he sees, unless there is a firewall that restricts access to a range of IPs including the attacker's and not your own.
It's not like his machine sees something different when he runs `nmap ###########.com`, not unless my last statement is true.
vic@localhost ~ $ nmap localhost
Starting Nmap 4.20 ( http://insecure.org/ ) at 2007-08-12 16:22 EDT
Interesting ports on localhost (127.0.0.1):
Not shown: 1691 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
111/tcp open rpcbind
631/tcp open ipp
2049/tcp open nfs
3306/tcp open mysql
Nmap finished: 1 IP address (1 host up) scanned in 0.172 seconds
vic@localhost ~ $ nmap 192.168.1.2
Starting Nmap 4.20 ( http://insecure.org/ ) at 2007-08-12 16:22 EDT
Interesting ports on 192.168.1.2:
Not shown: 1692 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
111/tcp open rpcbind
631/tcp open ipp
2049/tcp open nfs
Nmap finished: 1 IP address (1 host up) scanned in 0.175 seconds
vic@localhost ~ $ nmap ###########.com
Starting Nmap 4.20 ( http://insecure.org/ ) at 2007-08-12 16:22 EDT
Interesting ports on ###########.com (###########):
Not shown: 1694 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
6112/tcp filtered dtspc
Nmap finished: 1 IP address (1 host up) scanned in 13.222 seconds
But we're discussing identifying which services are bound to which socket device from an attacker's perspective. Getting a list of services is trivial, and could be accomplished with netstat -a, but this gives a bunch of information that isn't always relevant or accurate from a network perspective of looking in on a machine (although much of the information is usually the same.)
The only case where this would not be true is if there were an intermediate firewall between her PC and her ISP, this firewall filtered access by source address, and her own IP was not in the source address list. This case is rare, and would also imply that the attacker would have means to spoof the address sent to the firewall. In general though, when there isn't a firewall between a PC and a mere cable modem, this will never be the case.
You don't understand. Obviously, her PC could access her own IP address (the one assigned by her ISP.) Therefore, her PC could access itself via the exact same interface that an attacker would use, as they both would hit that IP address.
nmap localhost
is not the same thing as:
nmap 77.120.22.135 # her ISP provided IP address
Running nmap on those two IP addresses yields different results. The latter will show exactly what an attacker would see. When a service is bound to an IP on a machine, it has a choice of which IP to bind to. Services accessible by the connection on her eth0 network device (or any other device, for that matter) can be viewed by nmapping the network IP associated with that device. If her cable modem filtered traffic or ports, the list given by nmap would still be accurate, as any filtered ports would come back either as filtered or closed.
The IP address you run nmap on is bound to a different interface altogether. If you run it on the IP of the interface an attacker will access, you will see what the attacker sees. As such, going to a different machine is still superfluous. You're giving misinformation by trying to say it's not.
I think you missed my point -- you can see what an attacker would see from the local machine, by nmapping the network IP. Going to a different machine is superfluous.
Maybe this is related to Bill Gates' recent comments, saying he dares someone to do to Microsoft what has recently happened with OS X and zero-days. Careful what you wish for. http://apple.slashdot.org/article.pl?sid=07/02/02/ 1940232
I'll have more of them now; guess I'll have a place to set my java.
There already exists a consistent devotion to high quality software, otherwise people wouldn't write open source software in their spare time. Applying standards to quality levels could prove tedious to existing and future project maintainers as it's one more thing to add to and worry about in the design and implementation stages. What besides the GUI could be regulated? Code efficiency? Documentation? Those things are already done sufficiently. If those things weren't already done sufficiently, people would not use or contribute to the project.
Actually the article said nothing about the moon seeming to have a smooth surface. It said the moon could have huge mountains and valleys, or be perfectly flat. It said that at this time there was no way to tell.
Dr. Jessica Bayliss of the Rochester Institute of Technology does plenty of research on brain-computer interfaces, it's one of her interests. More information here:
I think you're forgetting that the Y project was put back into motion. The goals of that project already overcome those of the current X. With enough effort the Y project could take over if needed.