On Tue, Jan 3, 2012 at 6:49 PM, Bennett Haselton <bennett at peacefire.org> wrote: > >>> Of the compromised machines on the Internet, what proportion do you >>> think were hacked via MITM-and-advanced-crypto, compared to exploits in >>> the services? >> Proportions don't matter. Unless you have something extremely >> valuable to make this machine a target or someone captured your >> password and connection destination it was probably a random hit of a >> random probe. It doesn't matter if they are likely to work or not, >> some do. > > I either disagree or I'm not sure what you're saying. What do you mean > that "proportions don't matter"? I mean, if you get hit by lightning, did it really matter that you didn't have the more likely heart attack? > If attack A is 1,000 times more likely > to work than attack B, you don't think it's more important to guard > against attack A? It's not either/or here. You could be the guy who gets hit by lightning. >>> Case in point: in the *entire history of the Internet*, do you think >>> there's been a single attack that worked because squid was allowed to >>> listen on a non-standard port, that would have been blocked if squid had >>> been forced to listen on a standard port? >> Generalize that question to 'do you think attacks are helped by >> permitting applications to use ports the administrator didn't expect >> them to use' and the answer is clearly yes. There are certainly rogue >> trojans around that do who-knows-what on other connections while >> pretending to be your normal applications. > > Well that seems like it would be trivial for the trojan to circumvent -- > just listen on the standard port, and if you receive a connection that > contains the "secret handshake", switch that connection over into trojan > mode, while continuing to serve other users' standard requests on the > same port. Wouldn't that work? In that case it seems like a case of a > restriction that might work until it becomes widely deployed enough for > trojan authors to take it into account, at which point it becomes obsolete. Do you lock your doors or just leave them open because anyone who wants in can break a window anyway? -- Les Mikesell lesmikesell at gmail.com