
garywk

join:2001-03-06
Clarkston, WA
reply to mich

Re: Ubuntu computer hijacked by hacker

said by mich:

Well, it's good to hear that nothing you don't know about listens for incoming connections on your router, but it certainly doesn't rule out the possibility that VNC _used_to_ listen for them before.

Ummm.... Say what? Where do you get the idea that a port listening on a computer connected to a LAN behind a firewall causes a port to listen on the WAN side of the firewall/router that is acting as the gateway for the LAN? It's just not going to happen.

mich

join:2008-08-30
said by garywk:

Ummm.... Say what? Where do you get the idea that a port listening on a computer connected to a LAN behind a firewall causes a port to listen on the WAN side of the firewall/router that is acting as the gateway for the LAN? It's just not going to happen.

I've never claimed that. That's why I said "nothing is listening _on_your_router_". Maybe it wasn't entirely clear, but what I meant was "nothing is listening on ports forwarded from the router", like this VNC probably was.

garywk

join:2001-03-06
Clarkston, WA
Well, I guess I misunderstood then, but I'm still not sure of your point. How could the vncserver be listening on a firewall port if the firewall port is closed and no port forwarding is enabled? UPNP is not supported by tightvnc in any documentation that I can find so that is most probably not a possible vector of attack.

The port would have to be open then and now unless either the router itself is compromised, or one of the machines in the LAN is compromised so that the bad guy has access to the network at all times and can originate traffic from inside the network and/or reconfigure the router at will.

It would seem to me that it's a pretty tall order for a cracker to get you to download an executable using a Linux bittorrent client, and then chmod the file so that it has execute permissions once it's on the hard drive so he can use that malware to access the remote desktop. I've never heard of bittorrent being mis-used that way. I can see how it would work in Windows as MS ties read and execute permissions together, but not Linux.

mich

join:2008-08-30
It seems that GNOME dudes have hacked together their own server:
»www.debianadmin.com/remote-deskt···ntu.html

And here goes the scary stuff:
»bugzilla.gnome.org/show_bug.cgi?id=578767

Status: RESOLVED FIXED


KodiacZiller
Premium
join:2008-09-04
73368
kudos:2

1 recommendation

said by mich:

It seems that GNOME dudes have hacked together their own server:
»www.debianadmin.com/remote-deskt···ntu.html

And here goes the scary stuff:
»bugzilla.gnome.org/show_bug.cgi?id=578767

Status: RESOLVED FIXED

Yikes. There's our problem, just as I suspected. VNC opens a port automatically on the router.
--
Getting people to stop using windows is more or less the same as trying to get people to stop smoking tobacco products. They don't want to change; they are happy with slowly dying inside. -- munky99999


EUS
Kill cancer
Premium
join:2002-09-10
canada

1 recommendation

UPnP is Eeeevil!

equivocal

join:2008-01-23
USA
reply to KodiacZiller
Evidence that all the effort to make linux just as good as windows is really paying off.

But I'm glad I ran across this discussion. I know it's something I'll need to remember...hey is that a shiny object...

garywk

join:2001-03-06
Clarkston, WA

1 recommendation

reply to mich
Thanks, that was news to me. I hadn't used tightvnc or remote desktop sharing in a long time, but when I did it wasn't opening up a port via upnp.

Why do these idiot developers do this stupid stuff? They know their protocol isn't secure. They know some people will use remote desktop on only their internal LAN. So, they open firewall ports without telling anyone. They must be Microsoft developers at heart where security vulnerabilities == features.

The strange thing about this is that I fired up wireshark, enabled desktop sharing, and saw no network traffic related to this.
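
Added example, not part of any post in this thread: one way to audit a router's UPnP port-mapping table for the kind of automatically created VNC forward discussed above. It parses responses to the standard UPnP IGD `GetGenericPortMappingEntry` action; the sample responses, addresses, descriptions and the 5900-5909 port range are constructed assumptions.

```python
import xml.etree.ElementTree as ET

VNC_PORTS = range(5900, 5910)  # RFB displays :0 to :9 (assumed audit scope)
FIELDS = ("NewRemoteHost", "NewExternalPort", "NewProtocol", "NewInternalPort",
          "NewInternalClient", "NewEnabled", "NewPortMappingDescription")

def parse_mapping(soap_xml):
    """Extract one port mapping from a GetGenericPortMappingEntry response."""
    found = {}
    for el in ET.fromstring(soap_xml).iter():
        name = el.tag.rsplit("}", 1)[-1]  # drop any XML namespace prefix
        if name in FIELDS:
            found[name] = (el.text or "").strip()
    missing = [f for f in FIELDS if f not in found]
    if missing:
        raise ValueError(f"not a port mapping entry, missing {missing}")
    return found

def exposed_vnc(mappings):
    """Return enabled TCP mappings that forward to a VNC port on a LAN host."""
    hits = []
    for m in mappings:
        if m["NewEnabled"] != "1" or m["NewProtocol"].upper() != "TCP":
            continue
        if int(m["NewInternalPort"]) in VNC_PORTS:
            # An empty NewRemoteHost is a wildcard: any WAN address may connect.
            scope = m["NewRemoteHost"] or "any WAN host"
            hits.append((int(m["NewExternalPort"]), m["NewInternalClient"],
                         int(m["NewInternalPort"]), scope))
    return hits

def sample(ext, proto, port, client, enabled, desc):
    """Build a constructed response; every value is made up for illustration."""
    vals = ("", ext, proto, port, client, enabled, desc)
    body = "".join(f"<{f}>{v}</{f}>" for f, v in zip(FIELDS, vals))
    return ('<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">'
            '<s:Body><u:GetGenericPortMappingEntryResponse '
            'xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">'
            f"{body}</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>")

SAMPLES = [
    sample(5900, "TCP", 5900, "192.168.1.20", 1, "constructed desktop sharing"),
    sample(51413, "UDP", 51413, "192.168.1.20", 1, "constructed torrent client"),
    sample(15900, "TCP", 5901, "192.168.1.31", 0, "constructed disabled entry"),
]

if __name__ == "__main__":
    for ext, client, port, scope in exposed_vnc(map(parse_mapping, SAMPLES)):
        print(f"WAN tcp/{ext} -> {client}:{port} reachable from {scope}")
```
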


aefstoggaflm
Open Source Fan
Premium
join:2002-03-04
Bethlehem, PA
kudos:7
Reviews:
·PenTeleData
·Verizon Online DSL
said by garywk:

Why do these idiot developers do this stupid stuff? They know their protocol isn't secure. They know some people will use remote desktop on only their internal LAN. So, they open firewall ports without telling anyone. They must be Microsoft developers at heart where security vulnerabilities == features.

I agree, what you suspect, they are/were MS developers.

I guess that they were thinking, that people are lazy.
--
Please use the "yellow (IM) envelope" to contact me and please leave the URL intact.