On Tue, Jan 3, 2012 at 6:49 PM, Bennett Haselton <bennett@peacefire.org> wrote:
Of the compromised machines on the Internet, what proportion do you think were hacked via MITM-and-advanced-crypto, compared to exploits in the services?
Proportions don't matter. Unless you have something extremely valuable to make this machine a target or someone captured your password and connection destination, it was probably a random hit of a random probe. It doesn't matter if they are likely to work or not; some do.
I either disagree or I'm not sure what you're saying. What do you mean that "proportions don't matter"?
I mean, if you get hit by lightning, did it really matter that you didn't have the more likely heart attack?
If attack A is 1,000 times more likely to work than attack B, you don't think it's more important to guard against attack A?
It's not either/or here. You could be the guy who gets hit by lightning.
Case in point: in the *entire history of the Internet*, do you think there's been a single attack that worked because squid was allowed to listen on a non-standard port, that would have been blocked if squid had been forced to listen on a standard port?
Generalize that question to 'do you think attacks are helped by permitting applications to use ports the administrator didn't expect them to use' and the answer is clearly yes. There are certainly rogue trojans around that do who-knows-what on other connections while pretending to be your normal applications.
Well, that seems like it would be trivial for the trojan to circumvent -- just listen on the standard port, and if you receive a connection that contains the "secret handshake", switch that connection over into trojan mode, while continuing to serve other users' standard requests on the same port. Wouldn't that work? In that case it seems like a case of a restriction that might work until it becomes widely deployed enough for trojan authors to take it into account, at which point it becomes obsolete.
Do you lock your doors or just leave them open because anyone who wants in can break a window anyway?