Threat of running a web server?

 
 
Conor
 
      01-19-2004
In article <(E-Mail Removed)>,
(E-Mail Removed) says...

> I appreciate that when running a server there are different levels of
> service but if your service is a read only does that not make one
> reasonably safe.
>

Nope. There are plenty of exploits not requiring write access that use
other tricks such as buffer overflows etc.


--
Conor

"The vast majority of Iraqis want to live in a peaceful, free world.
And we will find these people and we will bring them to justice."
- George Bush
 
Noyb
 
      01-19-2004

> allowing _any_ daemon (server for you microsoft weenies) to run on _any_
> port leaves you _vulnerable_. "how vulnerable" is dependant upon the
> daemon/server. _all_ programs have the _potential_ to be exploited. if
> you don't know what you're doing, don't run a server/daemon, even if
> you're running "black ice", nothing more than an IDS anyway.... even a
> personal firewall.... if you're explicitly telling the firewall/IDS to
> ignore port 80 traffic, you're leaving that particular service "out
> there". if you don't know what you're doing, you don't keep up on
> server/daemon patching and you're not running a proper IDS and actually
> watching the friggin logs, you'll get hacked... it's only a matter of
> time (in some cases, a 0day exploit).
>
>
>
> --
> Colonel Flagg
> http://www.internetwarzone.org/
>
> Privacy at a click:
> http://www.cotse.net
>
> Q: How many Bill Gates does it take to change a lightbulb?
> A: None, he just defines Darkness? as the new industry standard..."
>
> "...I see stupid people."


"BlackICE protects using the same sophisticated technology that secures
corporate networks around the world. This unique combination of firewall,
fast, unobtrusive intrusion protection and straightforward interface
protects the privacy of any home or office server."

Sounds like a firewall, and it's always seemed to protect me. If you'd like
to suggest some other solutions and not just "microsoft weenie" cut-downs
I'd like to hear them.


 
keydet
 
      01-19-2004
> Does leaving port 80 open for serving web pages leave me vulnerable?

Depends on what you've got running on that port. The basic tenets of
security include the Principle of Least Privilege. As it applies to
your question, this means run only those services that you must, and
secure as much as possible those that you do run.

For example, you can run a minimal web server using netcat:

c:\>nc -vv -L -d -p 80 < default.html

Whenever someone connects to your "server", the text in default.html
will be sent back to them.

If you're running IIS, you want to make sure that you patch it, set
ACLs, and remove any unnecessary script mappings.

However, configuration control and management is NOT unique to
Microsoft products...even servers like Apache need someone to monitor
them.

> I'm running Apache on WinXP with BlackICE and Norton AntiVirus running
> behind a Linksys router that is forwarding port 80 to my machine.


Well, a couple of quick seconds of Googling, or just going to the
Symantec site, will show you that you're not vulnerable to CR.

> Anyone
> know how this is possible that someone gave me a virus over my apache web
> server? Do I have a security hole or is this threat something I have to live
> with if I'm going to have a web server?


Yes, it is...if all you're going to do is run it. However, if you're
going to "manage" and "administer" it, that's a different story
entirely.
 
Duane Arnold
 
      01-19-2004
"Noyb" <(E-Mail Removed)> wrote in
news:AESOb.2068$(E-Mail Removed) gy.com:

>
>> allowing _any_ daemon (server for you microsoft weenies) to run on
>> _any_ port leaves you _vulnerable_. "how vulnerable" is dependant
>> upon the daemon/server. _all_ programs have the _potential_ to be
>> exploited. if you don't know what you're doing, don't run a
>> server/daemon, even if you're running "black ice", nothing more than
>> an IDS anyway.... even a personal firewall.... if you're explicitly
>> telling the firewall/IDS to ignore port 80 traffic, you're leaving
>> that particular service "out there". if you don't know what you're
>> doing, you don't keep up on server/daemon patching and you're not
>> running a proper IDS and actually watching the friggin logs, you'll
>> get hacked... it's only a matter of time (in some cases, a 0day
>> exploit).
>>
>>
>>
>> --
>> Colonel Flagg
>> http://www.internetwarzone.org/
>>
>> Privacy at a click:
>> http://www.cotse.net
>>
>> Q: How many Bill Gates does it take to change a lightbulb?
>> A: None, he just defines Darkness? as the new industry standard..."
>>
>> "...I see stupid people."

>
> "BlackICE protects using the same sophisticated technology that
> secures corporate networks around the world. This unique combination
> of firewall, fast, unobtrusive intrusion protection and
> straightforward interface protects the privacy of any home or office
> server."


This is true. But BlackIce cannot protect on outbound connections. It
does protect on an unsolicited outbound connection from the machine and
will block it. And BI will block an application from outbound connections
by exe, dll, ocx or any program file type you place into the Checksum.fle
for monitoring. And BI has good logging of these events if you're using
VisualIce (free use Google) and BI logging is enabled.

But BlackIce cannot stop outbound connections to IP(s), port(s), protocol
(s), DNS(s) etc and that's where IPsec comes into play on the Win2k, XP
and Win 2K3 O/S(s) that can do that.

>
> Sounds like a firewall, and it's always seemed to protect me. If you'd
> like to suggest some other solutions and not just "microsoft weenie"
> cut-downs I'd like to hear them.


BlackIce does have a FW component that I have used from day one I started
using the product. And BI has stopped a couple of attacks that came right
through that NAT router, when no ports were being forwarded to a machine.

I too get tired of watching people bitch and cry about the MS NT based
O/S which can be configured to be secure or BlackIce as well which can be
used effectively if configured properly.

Duane
 
Noyb
 
      01-19-2004
> This is true. But BlackIce cannot protect on outbound connections. It
> does protect on an unsolicited outbound connection from the machine and
> will block it. And BI will block an application from outbound connections
> by exe, dll, ocx or any program file type you place into the Checksum.fle
> for monitoring. And BI has good logging of these events if you're using
> VisualIce (free use Google) and BI logging is enabled.
>
> But BlackIce cannot stop outbound connections to IP(s), port(s), protocol
> (s), DNS(s) etc and that's where IPsec comes into play on the Win2k, XP
> and Win 2K3 O/S(s) that can do that.
>
> >
> > Sounds like a firewall, and it's always seemed to protect me. If you'd
> > like to suggest some other solutions and not just "microsoft weenie"
> > cut-downs I'd like to hear them.

>
> BlackIce does have a FW component that I have used from day one I started
> using the product. And BI has stopped a couple of attacks that came right
> through that NAT router, when no ports were being forwarded to a machine.
>
> I too get tired of watching people bitch and cry about the MS NT based
> O/S which can be configured to be secure or BlackIce as well which can be
> used effectively if configured properly.
>
> Duane


Thanks Duane! Once again you've been very helpful to less experienced users
like myself.
Steve.


 
Noyb
 
      01-19-2004

"Conor" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) s.com...
> In article <(E-Mail Removed)>,
> (E-Mail Removed) says...
>
> > I appreciate that when running a server there are different levels of
> > service but if your service is a read only does that not make one
> > reasonably safe.
> >

> Nope. There are plenty of exploits not requiring write access that use
> other tricks such as buffer overflows etc.
>


Thanks Conor, actually the event just before the HTTP_Code_Red was
HTTP_repeated_character, so it sounds like what you're suggesting.
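
Added example (not part of the original posts): a log check for the pattern discussed in this thread, a request for an IIS-only script mapping padded with a long run of one character, arriving at an Apache server. The log lines, addresses, the 32-character threshold and all function names are constructed for illustration; Code Red requests /default.ida, which a stock Apache install does not serve.

```python
import re

# Apache Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) \S+$')
# 32 or more identical characters in a row (threshold is an assumption).
LONG_RUN = re.compile(r'(.)\1{31,}')
# Indexing Service mappings that exist on IIS, not on a stock Apache.
IIS_EXTENSIONS = ('.ida', '.idq')


def classify(line):
    """Return a finding for a suspicious request, or None if it looks benign."""
    m = CLF.match(line.strip())
    if not m:
        return None  # unparseable line: ignored in this example
    host, when, request, status = m.groups()
    parts = request.split()
    target = parts[1] if len(parts) >= 2 else request
    path = target.split('?', 1)[0].lower()
    reasons = []
    if path.endswith(IIS_EXTENSIONS):
        reasons.append('IIS-only script mapping')
    if LONG_RUN.search(target):
        reasons.append('repeated-character run')
    if not reasons:
        return None
    # A 2xx answer means the server actually handled the request.
    return {'host': host, 'time': when, 'status': int(status),
            'reasons': reasons, 'served': status.startswith('2')}


def scan(lines):
    """Classify every line and keep only the findings."""
    return [f for f in map(classify, lines) if f]


# Constructed sample log (documentation addresses, made-up sizes).
SAMPLE_LOG = [
    '192.0.2.10 - - [19/Jan/2004:09:12:01 -0500] "GET /index.html HTTP/1.0" 200 1043',
    '198.51.100.7 - - [19/Jan/2004:11:40:17 -0500] "GET /default.ida?'
    + 'X' * 224 + ' HTTP/1.0" 404 283',
    '203.0.113.5 - - [19/Jan/2004:12:02:44 -0500] "GET /search?q='
    + 'A' * 40 + ' HTTP/1.0" 200 512',
]

if __name__ == '__main__':
    for f in scan(SAMPLE_LOG):
        verdict = 'SERVED, investigate' if f['served'] else 'rejected by server'
        print(f"{f['time']} {f['host']} {f['status']} "
              f"{', '.join(f['reasons'])}: {verdict}")
```

A 404 on the .ida request shows the probe reached the server and found nothing to run; a 2xx on a padded request is the line to look at first.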


 
David Norris
 
      01-19-2004

"Noyb" <(E-Mail Removed)> wrote in message
news:X8FOb.6922$(E-Mail Removed) ...
> Does leaving port 80 open for serving web pages leave me vulnerable? A few
> hours after telling BlackICE to allow port 80 traffic in I got an alarm with
> this event: HTTP_Code_Red_II
>
> Norton alerted me to the virus soon after and deleted it. Here's their
> write-up on it if anyone's interested:
> http://securityresponse.symantec.com...ered.worm.html
>
> I'm running Apache on WinXP with BlackICE and Norton AntiVirus running
> behind a Linksys router that is forwarding port 80 to my machine. Anyone
> know how this is possible that someone gave me a virus over my apache web
> server? Do I have a security hole or is this threat something I have to live
> with if I'm going to have a web server? Thanks for any help or suggestions.
>
> Steve.

Apache has a reasonable security record - it's what I use myself. The
majority of intrusions via webservers occur via scripts (CGI and so on). If
you are careful about use of scripts, your risk is much lessened. DN


 
Colonel Flagg
 
      01-19-2004
In article <(E-Mail Removed)>,
(E-Mail Removed) says...
> On Mon, 19 Jan 2004 07:43:05 -0500, Colonel Flagg spoketh
>
> >
> >to a n00b, what's the difference? if you're running a "service", a
> >"server" or a "daemon", you're providing "something" to be given out to
> >someone. a "server" is a machine which provides either a "service" or a
> >"daemon". there, fixed that... can't fix your ability to prove your
> >"weenie-ness" however.
> >

>
> Why do you *always* have to make everything a ****ing contest between MS
> and Linux? Can't you just leave it alone?
>
> Lars M. Hansen
> http://www.hansenonline.net
> (replace 'badnews' with 'news' in e-mail address)
>



I didn't. all I said was something to the effect of "microsoft weenies",
someone else took that to _mean_ something.... all I meant was
"microsoft weenies"... read into it and reply to it, anyway you want
to... I don't give a ****... as a matter of fact... why the hell am I
even responding to you? because I don't give a ****..


--
Colonel Flagg
http://www.internetwarzone.org/

Privacy at a click:
http://www.cotse.net

Q: How many Bill Gates does it take to change a lightbulb?
A: None, he just defines Darkness? as the new industry standard..."

"...I see stupid people."
 
Colonel Flagg
 
      01-19-2004
In article <AESOb.2068$(E-Mail Removed) om>,
(E-Mail Removed) says...

> "BlackICE protects using the same sophisticated technology that secures
> corporate networks around the world. This unique combination of firewall,
> fast, unobtrusive intrusion protection and straightforward interface
> protects the privacy of any home or office server."
>
> Sounds like a firewall, and it's always seemed to protect me. If you'd like
> to suggest some other solutions and not just "microsoft weenie" cut-downs
> I'd like to hear them.
>



when I am using this piece of **** junk machine, I like tiny personal
firewall... otherwise, I use a real ipf/ipnat/ipfw firewall on a freebsd
box.

see there, nothing at all said about microsoft.

--
Colonel Flagg
http://www.internetwarzone.org/

Privacy at a click:
http://www.cotse.net

Q: How many Bill Gates does it take to change a lightbulb?
A: None, he just defines Darkness? as the new industry standard..."

"...I see stupid people."
 
Lars M. Hansen
 
      01-20-2004
On Mon, 19 Jan 2004 18:14:20 -0500, Colonel Flagg spoketh

>
>I didn't. all I said was something to the effect of "microsoft weenies",
>someone else took that to _mean_ something.... all I meant was
>"microsoft weenies"... read into it and reply to it, anyway you want
>to... I don't give a ****... as a matter of fact... why the hell am I
>even responding to you? because I don't give a ****..


whatever ... buh-bye.


Lars M. Hansen
http://www.hansenonline.net
(replace 'badnews' with 'news' in e-mail address)
 