How secure are we?

Discussion in 'General Topics' started by nadirah, Oct 26, 2004.

Thread Status:
Not open for further replies.
  1. nadirah

    nadirah Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    3,647
    Is there a firewall on the server at all? The firewall should be blocking unsolicited ICMP pings.
    Take a look at this:

    Ping to www.wilderssecurity.com
    Generated by www.DNSstuff.com at 15:04:44 GMT on 26 Oct 2004.

    Pinging www.wilderssecurity.com:

    Ping #1: Got reply from www.wilderssecurity.com in 21ms [TTL=51]
    Ping #2: Got reply from www.wilderssecurity.com in 20ms [TTL=51]
    Ping #3: Got reply from www.wilderssecurity.com in 30ms [TTL=51]
    Ping #4: Got reply from www.wilderssecurity.com in 22ms [TTL=51]

    Done pinging www.wilderssecurity.com!

    (to do an IPv6 ping for a domain name, add a ':' before the domain name)


    (C) Copyright 2000-2004 R. Scott Perry
     
  2. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    If you are running a web server, don't you have to allow pings?
     
  3. FunnyMonkey

    FunnyMonkey Guest

    No. Ping uses ICMP, web servers use port 80. You can turn off ICMP packet support on most firewalls. It adds a level of security...not much of one, though since port 80 is so common on even unsecured machines (e.g. PWS) that it will be the second thing tested after ping to see if something is there to be exploited.
     
  4. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Servers should stay pingable - how else is anyone to identify whether they have a network connection problem if they cannot access a website? Also the main reason for personal firewalls blocking pings is to obscure people's online presence - a website on the other hand has to be visible and available. This does not rule out having a firewall, but does make proper security more of a challenge (like running a P2P program on a PC, you leave a door open to attackers).

    There's plenty of other information available about Wilderssecurity.com also. I dare say Paul and the other admins keep abreast of Apache security issues though another upgrade is due... ;)
     
  5. Jimbob1989

    Jimbob1989 Registered Member

    Joined:
    Oct 18, 2004
    Posts:
    2,529
    Just an idea but.

    Have you contacted admins or mods. If not maybe you should instead of running around like headless chickens.

    Also, you make out your worried and you post the problem in a public forum.
     
  6. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    FunnyMonkey and Paranoid2000,

    Thank you for the helpful responses! :)
     
  7. Jimbob1989

    Jimbob1989 Registered Member

    Joined:
    Oct 18, 2004
    Posts:
    2,529
    Tell me, was the alert sent before or after I stepped in?

    Jimbob
     
  8. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    No alert necessary.
    As mentioned, web servers are normally pingable.
     
  9. still_longhorn

    still_longhorn Registered Member

    Joined:
    Oct 3, 2004
    Posts:
    256
    How secure are we? Not very secure really. In fact we are vulnerable to any one with the right script...

    Scan the address with Asmodeus 2.0 (super fast but rather noisy) or nmap (stealth scanner) and you'll know what I mean...

    The problem with this site is not whether it is pingable or not but rather whether the 3 open ports are exploitable. Add to this the fact that there are at least 3 existing Bugtraqs as well (all high risk levels) that have not been patched todate and there is the potential of being blown off the air.

    The danger of being pingable is if an illegal value is pinged, received and assembled by the server which will then cause the server to hang and dump its core.

    The website can only withstand a syn flood attack computed at roughly 1,100 syn packets /second (128 bits/packet; 512,000 bandwidth) which is not much considering that there are attack platforms that can generate as much as 22,000 packets/sec and more on a distributed basis. Though not readily available to the average script kiddie, this attack capability can be assembled through coordination among a group with like motives (and the simple transmission of spoofed syn packets throgh a batch file transmission), or the utilization of zombie units and utilized in a reflected distributed attack.

    Even if we assume that the server can turn off ports reserved for fin packets at a rate equal to the attack, this will render the site virtually useless.

    The question was "how secure are we?" and IMO we are vulnerable!
     
  10. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    Let us approach this with the perspective of an attacker... the first question we have to ask ourselves is... "If I attack WSF, what's the profit?"
    Profits...
    1. Fame - WSF comes always in top 3 results when you search for ANY security query... partly because its wilders' SECURITY forum, partly beacuse the members and their posts here are so amazing (hats off to you, guys), and partly because people TRUST the forum enough to link to it (and maybe also because the mods here are so handsome/beautiful and charming, but that works only on Yahoo search)
    2. Money - Not much of it available on any forum... you can't have cash on a PS, no one submits credit card numbers here, and even if there's some saleable info here, you wouldn't know where Paul keeps it.
    3. Kicks - the world believs this to be the #1 reason hackers hack, but its NOT... Money is. this is a reason only for so-called "script kiddies" (those who simply download and execute utils meant for exploiting one particular flaw).
    4. Education - No one is stupid enough to go after a famous (reputed) website (see no.1 above) just because they wanna "learn".
    5. To make sure I never get to post again - the ONLY valid reason known to mankind why WSF (or any other board) should be hacked. ;)
    The threat, personally, I feel is more that from, say, a worm or virus exploiting wide spread flaws (that can be solved only by patching).
    Like they say, just my 2 cents....
     
  11. still_longhorn

    still_longhorn Registered Member

    Joined:
    Oct 3, 2004
    Posts:
    256
    Some people develop viruses for sheer vandalism... (65,000 and counting). People attack sites to deface them or simply to write "Kilroy was here" on the server's HDD. Motivation could range from a feather in one's cap to preventing no13 from posting. Murphy's law and the best defense can come up with is wishful thinking and a dozen Hail Marys??
    Please...! Jeesiz! Is this how threats are assessed these days?
     
  12. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    I actually thought it was pretty obvious that we weren't going to discuss this forum's security in a thread like this given that neither Paul or I had replied in all the time this thread was here.

    But, for the record, the admins are not going to discuss the particulars of this forum's security in public threads. As such, this thread is now closed.
     
Loading...
Thread Status:
Not open for further replies.