Security Basics
RE: UDP question Oct 08 2013 03:00PM
Patrick Kobly (patrick kobly com)
-----Original message-----
From: ToddAndMargo <ToddAndMargo (at) zoho (dot) com [email concealed]>
Sent: Tue 08-10-2013 00:57
Subject: UDP question
To: security-basics (at) securityfocus (dot) com [email concealed];

> I am a bit confused:
>
> 1) "unless a TCP scan or other sources indicate". Okay.
> How would a UDP port that was open give you any indication
> that it was open with a TCP scan?

Some services listen on both TCP and UDP (i.e. DNS, ONC RPC - NFS, SNMP) and may provide different behaviour when communicated with via TCP than when communicated with via UDP.

> 2) "for example SNMP, NFS, the Back Orifice Trojan backdoor".
> Is he talking about a compromised system or a system with
> a bunch of poorly thought out services running on it?

Both. The article is agnostic to the purposes for which the tool is being used.

> 3) It is my understanding, that the malicious programs on
> a compromised system do not act as a server, meaning they
> do not open ports. As I understand it, they communicate
> with their evil puppet masters by establishing outgoing
> connections to avoid the firewall. The same way I avoid
> firewalls with Go To Assist. Am I wrong here?

There is a wide variety of malware out there. Sometimes C&C is handled by outbound connections, sometimes it's handled by just listening to a port. Smart attackers are aware of the context that their malware is installed in and choose the appropriate medium for the job. I noticed in another email that you're starting to look at Metasploit. You'll find that msf has a number of different payloads - some of them reverse, some of them listeners.

PK

>
> Many thanks,
> -T
>
>
> --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Computers are like air conditioners.
> They malfunction when you open windows
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
>
> ------------------------------------------------------------------------

> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL
> certificate. We look at how SSL works, how it benefits your company and how
> your customers can tell if a site is secure. You will find out how to test,
> purchase, install and use a thawte Digital Certificate on your Apache web
> server. Throughout, best practices for set-up are highlighted to help you
> ensure efficient ongoing management of your encryption keys and digital
> certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------

>
>
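
A defender's view of the two points in the reply above, as an added example that is not part of the original message: it parses socket tables in Linux `/proc/net/tcp` and `/proc/net/udp` layout to show which ports are bound on both TCP and UDP, and separates listening sockets from connections the host most likely initiated. The sample rows, addresses and function names are constructed for illustration.

```python
import socket
import struct

# Constructed rows in /proc/net/tcp and /proc/net/udp layout (not from a real host).
HEADER = "sl local_address rem_address st tx_queue rx_queue tr tm->when retrnsmt uid timeout inode\n"
REST = "00000000:00000000 00:00000000 00000000 0 0 1"
LISTEN, ESTABLISHED, UDP_BOUND = "0A", "01", "07"

def make_table(rows):
    return HEADER + "".join(f"{i}: {row} {REST}\n" for i, row in enumerate(rows))

SAMPLE_TCP = make_table([
    "00000000:0035 00000000:0000 0A",   # LISTEN on 53 (DNS)
    "00000000:006F 00000000:0000 0A",   # LISTEN on 111 (ONC RPC portmapper)
    "00000000:0016 00000000:0000 0A",   # LISTEN on 22
    "0A00000A:C350 0100A8C0:01BB 01",   # ESTABLISHED from ephemeral port to :443
    "0A00000A:0016 0200A8C0:D431 01",   # ESTABLISHED, accepted on listening port 22
])
SAMPLE_UDP = make_table([
    "00000000:0035 00000000:0000 07",   # bound on 53
    "00000000:006F 00000000:0000 07",   # bound on 111
    "00000000:00A1 00000000:0000 07",   # bound on 161 (SNMP)
])

def _addr(field):
    """Decode 'HEXIP:HEXPORT'; the IPv4 address is stored little-endian."""
    ip_hex, port_hex = field.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16))), int(port_hex, 16)

def parse(table):
    """Yield (local, remote, state) for each socket row, skipping the header."""
    for line in table.splitlines()[1:]:
        fields = line.split()
        if len(fields) >= 4:
            yield _addr(fields[1]), _addr(fields[2]), fields[3]

def classify(tcp_table, udp_table):
    tcp = list(parse(tcp_table))
    tcp_listen = {loc[1] for loc, _, st in tcp if st == LISTEN}
    udp_bound = {loc[1] for loc, _, st in parse(udp_table) if st == UDP_BOUND}
    # Heuristic: established with a non-listening local port means this host likely initiated it.
    outbound = [rem for loc, rem, st in tcp if st == ESTABLISHED and loc[1] not in tcp_listen]
    return {"tcp_and_udp": sorted(tcp_listen & udp_bound),
            "udp_only": sorted(udp_bound - tcp_listen),
            "tcp_only": sorted(tcp_listen - udp_bound),
            "outbound": outbound}

if __name__ == "__main__":
    for key, value in classify(SAMPLE_TCP, SAMPLE_UDP).items():
        print(f"{key}: {value}")
```

On a Linux host, `classify` accepts the text of `/proc/net/tcp` and `/proc/net/udp` directly; IPv6 sockets live in separate tables and are not handled here.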

Copyright 2010, SecurityFocus