"Shellshock" bash bug
Gene Heskett
gheskett at wdtv.com
Sat Sep 27 16:51:44 UTC 2014
On Saturday 27 September 2014 11:29:21 Colin Law did opine
And Gene did reply:
> On 27 September 2014 14:08, Gene Heskett <gheskett at wdtv.com> wrote:
> > On Saturday 27 September 2014 08:53:10 Colin Law did opine
> >
> > And Gene did reply:
> >> On 27 September 2014 13:45, Gene Heskett <gheskett at wdtv.com> wrote:
> >> > On Saturday 27 September 2014 02:45:50 Colin Law did opine
> >> >
> >> > And Gene did reply:
> >> >> On 27 September 2014 01:33, Gene Heskett <gheskett at wdtv.com> wrote:
> >> >> > On Friday 26 September 2014 17:50:25 Colin Law did opine
> >> >> >
> >> >> >> ...
> >> >> >> It seems however that my initial assumption is correct, that
> >> >> >> if they cannot login as they do not have the key then they
> >> >> >> cannot exploit the vulnerability.
> >> >> >
> >> >> > We are being told by the finders that no login is needed.
> >> >>
> >> >> True, it seems that web server and dhcp can also be attacked,
> >> >> however since only port 22 is open and dhcp is from my router
> >> >> then it seems I am safe, provided the router is clean.
> >> >>
> >> >> Cheers
> >> >>
> >> >> Colin
> >> >
> >> > A second point in the good routers is that you can and should,
> >> > disable access to port 22 from the outside world, making that only
> >> > accessible from your local 192.168.nnn/24. But that has little to
> >> > do with its dhcp which could still be hackable.
> >>
> >> If I disable access to port 22 from the outside world, how do you
> >> suggest I get access to the machine from the outside world?
> >>
> >> Colin
> >
> > The "outside world" is by definition, any address NOT in the
> > 192.168.xx. range. Those addresses are not transmitted across the
> > router from inside to outside. Or vice-versa. I only have one port
> > open to the outside, and you can easily guess which one that is. If
> > you can see my web page, it's working. :)
>
> Not sure that answers the question about how I get access to my
> machine from the outside world without opening port 22 (or using VPN).
> I need to control it, it is a weather station, not a web server. Also
> I suspect there have been many more vulnerabilities found that can
> attack via an http connection than via ssh, though I have no direct
> evidence to support that.
>
> Cheers
>
> Colin
Does it have a "local" IP, or does it get its address from a maker's
server? The latter would take it out of my potential purchases column,
but if it's local, where can I get one?
If it has a local IP, then leave it open, although if it's wireless, the
neighbors, if hacker enough, could access it. Good passwords protecting
the admin stuff, 20+ characters, would secure it well enough in 99.9999999%
of the cases.
Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>
US V Castleman, SCOTUS, Mar 2014 is grounds for Impeaching SCOTUS
More information about the ubuntu-users mailing list