Re: VB5 Webserver secure?

From: erewhon@xxxxxxxxxx (J French)
Date: Fri, 02 Jun 2006 09:21:07 GMT

On Fri, 2 Jun 2006 01:16:03 -0500, "Ralph" <nt_consulting64@xxxxxxxxx>
wrote:

<snip>

I doubt that straightforward TCP/IP and WinSock code are vulnerable to
malformed data.

You are correct about ports - assuming ports are considered. But the OP
asked about a "simple webserver". A "simple webserver" is definitely not
"extremely secure" without a lot of attention to detail. If he doesn't have
a good firewall - the box will be exploited in the first 10 minutes.

As far as "straightforward TCP/IP and WinSock code" being invulnerable to
malformed data - where have you been the last 10 years? <g>

Stop and think what the primary attack surface is, and where it is, that all
the worms, trojans, virus, ... have been using. TCP/IP and Sockets is just
the bus line and anyone can get on the bus. Every internet badie known slips
in quietly through well-formed, straigthtforward, elegant TCP/IP code.

Or look at it this way, except for dos attacks, the bad guy does NOT want to
screw with the bus - he WANTS the bus to work just as well for him as it
does for AOL.

Saying "I have good TCP/IP code" is just like a bank saying "Our doors are
sparkingly clean and swing on their hinges without a squeek". It may be good
marketing, but doesn't have much positive impact on the security of the
depoists. <g>

Ralph, possibly you know something about this that I've not run into.

Some years ago I wrote a simple webserver, and I don't see how it
would have allowed 'the box to be exploited in 10 minutes'

My logic runs along these lines, the TCP/IP protocol simply moves data
from point to point, rather like copying a file from a CD to a floppy.

It knows nothing about the content, it is just a transport mechanism.

With a system that has all ports shut to incoming traffic, except for
80h, and your own software listening on 80h, then you have the
equivalent of a firewall.

Viruse, Trojans etc all rely on tricking you into running their code
(even the WMF exploit falls into that category) if you don't run their
code they can do nothing.

Buffer overrun exploits are from people knowing something about
software running on your box - and being able to push data into that
software.

If you just have one cat flap, and something behind the cat flap with
very limited functionality, then I don't understand how people could
push data onto my machine, let alone trick my box into running code.

Put another way, if there were exploits in straightforward TCP/IP
transfer, then there would not be a single machine using TCP/IP to the
outside world that was not infected.

I can see that MS idiotically built in numerous cat flaps,
Steve Gibson is good for a rant on that: https://www.grc.com
- but if you use a hardware router to block all incoming ports except
for 80h, you've got over that problem.

Another way of putting it, is if I just have one cat flap, and a
simple program that listens to all incoming data, bins it and replies
with a stream of random verbal abuse ( call it a Tourette system )
then I just don't see how anyone can do anything.

Also, I'm not that comfortable with software Firewalls, you don't need
them for incoming data because you can use hardware, and if they catch
something calling back to momma, you are already dead.

Since I'm onto a roll, another way of looking at it is I have a box
with a modem set to auto-answer connected to a 'phone line
- someone can ring in, the modem will answer, but the software
listening to COM1 sends back a stream of random numbers (or 'Incorrect
Password') regardless of what comes in, then the chance of infection
is zilch.

Possibly you know of things that I've been blissfully unaware of
- in which case I would be very interested to hear about them

.

References:
- VB5 Webserver secure?
  - From: Mark
- Re: VB5 Webserver secure?
  - From: J French
- Re: VB5 Webserver secure?
  - From: Ralph
- Re: VB5 Webserver secure?
  - From: J French
- Re: VB5 Webserver secure?
  - From: Ralph

Prev by Date: Re: Problem hiding desktop icons from Systray
Next by Date: Check for Application Idle time????
Previous by thread: Re: VB5 Webserver secure?
Next by thread: Re: VB5 Webserver secure?
Index(es):
- Date
- Thread

Relevant Pages

Re: Moving to Win2k Server - but how to make it a DC?
... OS), and before I ever get a firewall installed or setup on it, I start out with just TCP/IP (I ... Ok, if I desicde to do my Win2k Server as my router, what firewall software is available for me to ...
(microsoft.public.windows.server.general)
Re: Unknown Network Attack
... disabled on a server using rras. ... Check your tcp/ip configuration to make ... IP to DHCP or changed the entries in tcp/ip such as IP address, dns server, ... >> firewall configurations for some firewalls. ...
(microsoft.public.windows.server.networking)
Re: Firewall Suggestions
... TCP/IP to communicate across the network regardless of which protocol you ... Hardware device written all over this one. ... One firewall one configuration. ...
(comp.security.firewalls)
Re: pop up
... TCP/IP on the LAN..." ... IPX/SPX, as I did immediately upon creating a home LAN, or even ... > how to open ports through the built-in firewall and lists examples, ...
(microsoft.public.windowsxp.security_admin)
Re: (NPC)(as usual) Ethernet internet question
... the firewall doesn't let in any incoming data unless you say it's okay. ... Your bit torrent client will tell you in the preferences what port or range of ports it uses; if you don't open them on your firewall your speeds will be very slow. ...
(rec.music.phish)