funsec mailing list archives
RE: Sunbelt: Anatomy of a Malicious Host File Hijack
From: "Todd Towles" <toddtowles () brookshires com>
Date: Thu, 12 Jan 2006 15:08:56 -0600
This is a method plenty of people use... I've worked at several companies that want to run applications/servers but are concerned about the visibility... so they run them on some random port. For example (though this example is really obscurity and customization), why run FTP on 21 when it's designed to be a closed service between trusted clients... why not run it on 5467? Does this enhance security in any way? DEFINITELY NOT!!... but it does eliminate 99% of default port scans just looking for FTP running on 21. I wouldn't recommend it... but I understand the theory behind it....
I would recommend it, but only as a part of a multiple defense system. It is true that security thru obscurity (and security thru customization) can break apps and generally cause problems, but those aren't the examples I am looking for. I wanted more simple examples, like the IE Toolbar move customization. It is easy for a normal internet user to notice the change in the URL location as opposed to knowing that an IFRAME has taken over the location where the bar would normally be...etc.

Perhaps there aren't too many examples, but I know of a couple more...Matt Davis gave the example of renaming the guest account to administrator and logging all access..which would imply you rename the Administrator account as well. This is security thru customization, you take the standard and make it non-standard with little or zero negative effect. But I guess you could call that security thru obscurity as well..but not really.

Comments?

-Todd

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.