05-17-2010, 10:43 AM   #19
chaley
Quote:
Originally Posted by theducks
Chaley, you need to do something about the label below your name
Probably, but that is the way I often feel these days.
Quote:
Originally Posted by Starson17
Assume the following: ...
4) The bad guys are not specifically targeting the user - they don't know in advance about any of 1-3
Targeting a user is infrequent. Targeting an application happens all the time.
Quote:
To successfully attack, the bad guys would need to ...
This process is called footprinting. There are malware tools generally available that try to identify the software that responds on a port. On the server I run for my family, I get 100s of probes per day.
Quote:
Is there any way of estimating how likely any of that is? ...
No, other than to say 'not likely'. The flip side is that a penetration needs to happen only once, then the tool sets are updated and the script kiddies go nuts with it.
Quote:
Has anyone seen any studies where they watch to see what happens during a scan-the-ports type of attack? ...
Yes. I have participated in some of them.

The vast majority of attackers are running automated tools found on the web. These can generally be ignored, because a) the attackers don't know what they are doing, and b) the vulnerabilities exploited are usually old. For example, my server is probed many times per day by common SSH dictionary attack daemons that appear to be clones of each other. One way to identify a clone is that it probes with the username 'fluffy' (!), a daily occurrence.

Security by obscurity, which is what you are doing by picking a random port, can work rather well to hide known applications. It doesn't work against a determined attacker. The music and ebooks industry has learned this, because they depend upon obfuscation to keep their DRM encryption keys secret. We know how well that works.

As for port scans, my server has been fully scanned more than once. When I lived in Malaysia, my home router was fully scanned at least once per week, something that doesn't happen where I am now. Twice application-specific attacks on my server have succeeded, once because my son didn't keep some app up to date (and I didn't know he installed it), and once because of a zero-day attack.

The danger comes from bad guys who pay attention and know what they are doing. These combine port scans with footprinting, then do vulnerability probes based on what they find. Vulnerabilities are shared within this small community, as are maps of machines with open ports.

The above notwithstanding, it would be very surprising if some random port (not below 8999!) on a particular home machine is probed by a tool that is smart enough to identify the software behind it. However, I have been surprised before, so I believe that a bit of constructive paranoia is called for, but not so much that I don't use my computers for what they are good for.
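The clone-spotting idea in the post above (dictionary-attack daemons that probe alike, down to the username 'fluffy'), as an added example that is not part of the original post: it parses sshd failed-login lines and groups source addresses that try the same usernames in the same order. The log lines are constructed samples using documentation IP ranges, and the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample of sshd auth-log lines (documentation addresses, not real hosts).
SAMPLE_LOG = """\
May 17 03:11:02 home sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
May 17 03:11:05 home sshd[2103]: Failed password for invalid user test from 203.0.113.7 port 40118 ssh2
May 17 03:11:09 home sshd[2105]: Failed password for invalid user fluffy from 203.0.113.7 port 40125 ssh2
May 17 04:40:30 home sshd[2180]: Failed password for root from 192.0.2.44 port 33801 ssh2
May 17 04:40:33 home sshd[2182]: Failed password for root from 192.0.2.44 port 33809 ssh2
May 17 04:40:37 home sshd[2184]: Failed password for invalid user oracle from 192.0.2.44 port 33815 ssh2
May 17 08:00:41 home sshd[2300]: Accepted publickey for alice from 10.0.0.5 port 50022 ssh2
May 17 09:02:11 home sshd[2411]: Failed password for invalid user admin from 198.51.100.23 port 51870 ssh2
May 17 09:02:14 home sshd[2413]: Failed password for invalid user test from 198.51.100.23 port 51877 ssh2
May 17 09:02:18 home sshd[2415]: Failed password for invalid user fluffy from 198.51.100.23 port 51883 ssh2
"""

# OpenSSH logs failed attempts with or without the "invalid user" prefix.
FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")

def usernames_by_source(log_text):
    """Map each source address to the ordered list of usernames it tried."""
    tried = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            user, src = m.groups()
            tried[src].append(user)
    return dict(tried)

def cluster_clones(tried, min_len=3):
    """Group sources with an identical username sequence (same tool and wordlist)."""
    groups = defaultdict(list)
    for src, users in tried.items():
        if len(users) >= min_len:  # very short sequences collide by chance
            groups[tuple(users)].append(src)
    return {seq: sorted(srcs) for seq, srcs in groups.items() if len(srcs) > 1}

def sources_using(tried, marker):
    """Sources that tried one tell-tale username, such as 'fluffy'."""
    return sorted(src for src, users in tried.items() if marker in users)

if __name__ == "__main__":
    tried = usernames_by_source(SAMPLE_LOG)
    for seq, srcs in cluster_clones(tried).items():
        print("same wordlist", list(seq), "from", srcs)
    print("tried 'fluffy':", sources_using(tried, "fluffy"))
```
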