
Novice Questions: Non-Standard Service Listening on Port/Firewalls


sammy

Aug 18, 2004, 4:12:11 PM
Hi,

I'm just getting into this network security stuff and have a few basic
questions:

1.) If ALL ports are closed except ONE, and...

on that one port I have listening a custom service that I wrote in C, and...

the server is directly connected to the Internet for all to see, ...

am I right in assuming the only way someone can get in from the Internet is
through exploiting a buffer overflow in my code after making a basic socket
connection?

2.) How effective/useful is Windows 2003 Server's ICF? Does it do at least
part of some job well?


3.) I know you get what you pay for, but what budget firewall appliances are
worth their salt if the only aspect of it that I'm willing to pay the extra
penny for is performance? Just to start out and upgrade later.

Thanks!
Sammy


Ant

Aug 18, 2004, 8:54:00 PM
"sammy" wrote...

> Hi,
>
> I'm just getting into this network security stuff and have a few basic
> questions:
>
> 1.) If ALL ports are closed except ONE, and...
>
> on that one port I have listening a custom service that I wrote in C, and...
>
> the server is directly connected to the Internet for all to see, ...
>
> am I right in assuming the only way someone can get in from the Internet is
> through exploiting a buffer overflow in my code after making a basic socket
> connection?

In general, yes, but it would depend on what your custom prog is doing.

Consider also the Windows socket library you are using. Can you be sure
the functions you use in that dll are free of such bugs?


Thor Kottelin

Aug 18, 2004, 11:07:52 PM

sammy wrote:

> If ALL ports are closed except ONE, and...
>
> on that one port I have listening a custom service that I wrote in C, and...
>
> the server is directly connected to the Internet for all to see, ...
>
> am I right in assuming the only way someone can get in from the Internet is
> through exploiting a buffer overflow in my code after making a basic socket
> connection?

Not necessarily. Your code might have other vulnerabilities, or you might
connect to somewhere unsafe yourself. Also, not all protocols are
port-oriented (think e.g. ICMP).

Thor

--
http://www.anta.net/
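
An added illustration of the replies above, not code from any poster in the thread: a single-port C service must distrust every client-supplied field, and a stack overflow is only one way to get that wrong. The wire format (2-byte big-endian length, then payload), the 16-byte buffer and all names are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed wire format: 2-byte big-endian payload length, then the payload. */
enum frame_status { FRAME_OK, FRAME_SHORT_HEADER, FRAME_TOO_LARGE, FRAME_TRUNCATED };

enum frame_status parse_frame(const uint8_t *rx, size_t rx_len,
                              uint8_t *out, size_t out_cap, size_t *out_len)
{
    size_t declared;

    *out_len = 0;
    if (rx_len < 2)                      /* header not fully received yet */
        return FRAME_SHORT_HEADER;
    declared = ((size_t)rx[0] << 8) | rx[1];

    /* Overflow check: without it, memcpy writes past the end of 'out'. */
    if (declared > out_cap)
        return FRAME_TOO_LARGE;

    /* Over-read check: without it, memcpy copies bytes that were never
       received, disclosing adjacent memory instead of corrupting it. */
    if (declared > rx_len - 2)
        return FRAME_TRUNCATED;

    memcpy(out, rx + 2, declared);
    *out_len = declared;
    return FRAME_OK;
}

/* Hypothetical per-connection handler with a fixed 16-byte payload buffer. */
enum frame_status handle(const uint8_t *rx, size_t rx_len, size_t *copied)
{
    uint8_t payload[16];
    return parse_frame(rx, rx_len, payload, sizeof payload, copied);
}

/* Constructed sample inputs. */
static const uint8_t good_frame[]  = { 0x00, 0x05, 'h', 'e', 'l', 'l', 'o' };
static const uint8_t lying_frame[] = { 0x00, 0x0A, 'h', 'i' };  /* claims 10, sends 2 */
static const uint8_t huge_frame[]  = { 0xFF, 0xFF, 'x' };       /* claims 65535 */

int main(void)
{
    size_t n;
    printf("good=%d ", handle(good_frame, sizeof good_frame, &n));
    printf("lying=%d ", handle(lying_frame, sizeof lying_frame, &n));
    printf("huge=%d\n", handle(huge_frame, sizeof huge_frame, &n));
    return 0;
}
```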
