brent timothy saner on 30 Aug 2008 16:46:09 -0700



Re: [PLUG] Question about Remote Desktop through a NAT


Brian Vagnoni wrote:

> 
> Assuming he isn't going to be working on this father's computer
> indefinitely 365/24/7.

No, but the router's always on. Assuming it's an end-user residential
gateway/router/firewall, i.e. Linksys WRT54G, THAT is not turned off.
the modem is also always on. do you have ANY idea how easy it would be
to bruteforce that? instant admin access to the router/gateway is a
dangerous, dangerous thing, no matter WHAT context. security by
obscurity does not a good practice make. case in point: who do you think
is affected more by phishing scams, big enterprise businesses or home
users? what about malware/botnetting? i'd argue that they're an EASIER
target. only skids (script kiddies) target big corps and defacement;
they want to make a name for themselves (and usually get their ass
handed to them on a rusty platter). the REAL threat lies in those that,
much like predators in the wild, focus on the "sick and weak"- the home
users. i'd rather expend an hour and get 5 successful targets than spend
an hour on one big guy only to be crushed because i was greedy,
impatient, and stupid.

> Assuming it is for a time limited event of, 
> open remote admin ssl port, login(user name & password), 
> make router changes, close admin port, connect to computer
> via opened ports.

do you do this?

> Assuming that his father is a residential
> cable customer with a dynamically changing ip address.

he isn't.

> Considering he didn't mention security in his requirements.

security should ALWAYS, ALWAYS be a concern, whether it's mentioned or not.

> 
> No you haven't misinterpreted me. 
> 
> This isn't NASA, NSA, VISA, or even a POS system.

everyone appreciates being told their privacy and security isn't important.


> Though not
> astronomical, with a dynamic ip, the fact that this is a
> residential computer (target benefit poor),

see first paragraph.

> the odds of
> penetration by a script kiddie and the time and effort it 
> takes to exploit an up to date endpoint firewalled Linux
> based system with its own set of login creds in the time
> limited event window I've outlined above is indeed very close
> to astronomical.

where the fsck did you ever see him mention ANYTHING about it being a
full routerbox? i can guarantee you he's using a linksys, belkin, etc.
of the sort, and most likely with out of date firmware at that.


> 
> This isn't an AP connected to the internet running 24/7 with WEP.

he also never mentioned whether it's using wireless (he just said it was
a wireless router), nor what protection if any is in place. you're
making assumptions, and they aren't even relevant because, as i've
detailed above, brute forcing is a big worry.

> 
> My experience tells me that this is extremely low risk event given
> the target, 

which experience is this? because everything i've encountered in the
field tells me otherwise.

> and the amount of time critical ports are open over an ssl
> connection. If this were a business connection I would choose otherwise
> but it's an admittedly technically challenged (no offense Casey to your
> father) senior American's laptop (not on all the time).

port scanners, block scanners, and sniffers do not care if you're a
business or not. it's just data to them.

> 
> So I therefore wholly stand by my statement. 

you oughtn't. it's a very dangerous suggestion.
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug