Re: [Skunkworks] Is port 8080 more secure than 80?

Any port can be insecure. The insecurity does not arise from the port number but rather the hacking knowledge that's in the public domain regarding the application running on a specific port. I think therein lies the true answer to your question. You can put an application on any port you wish but once someone figures out what you're running on that port, then they can look for exploits for the application. For web servers just follow the instructions on how to secure (too much to detail them here).

Tomcat by default runs on 8080. You can secure Tomcat and still run it from 8080. However general practice is to further secure it with Apache. Apache adds a few other benefits like caching.

O_O
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke

@Odhiambo, why my name again?

On 2/16/11, wesley kirinya <kiriinya2000@yahoo.com> wrote:
> Any port can be insecure. The insecurity does not arise from the port number but rather the hacking knowledge that's in the public domain regarding the application running on a specific port. I think therein lies the true answer to your question. You can put an application on any port you wish but once someone figures out what you're running on that port, then they can look for exploits for the application. For web servers just follow the instructions on how to secure (too much to detail them here).
>
> Tomcat by default runs on 8080. You can secure Tomcat and still run it from 8080. However general practice is to further secure it with Apache. Apache adds a few other benefits like caching.
>
> O_O

Chuks,

I meant to refer to it in the context of your pentest capabilities only. No prejudice meant at all.

On Wed, Feb 16, 2011 at 6:46 PM, Gichuki John Chuksjonia <chuksjonia@gmail.com> wrote:
> @Odhiambo, why my name again?

Okay, understood sir. Good to know.

On 2/16/11, Odhiambo Washington <odhiambo@gmail.com> wrote:
> Chuks,
>
> I meant to refer to it in the context of your pentest capabilities only. No prejudice meant at all.

The reason to run a webserver on a high port like 8080 is that running on a port higher than 1000 does not require root privileges, so when the application is compromised the intruder will only get the privileges of the user running that server.

Having said that, most servers are able to drop root privileges after they established connecting to the port (e.g. 80) so again an intruder will only get the privileges of an unprivileged user.

If the server is not able to drop privileges it is a VERY good idea to run it on a high port and proxy it by a server which is able to do this.

Jail & SELinux does all this for you :-)

./Ok3ch

On Thu, Feb 17, 2011 at 8:57 AM, Christian Ledermann <christian.ledermann@gmail.com> wrote:
> The reason to run a webserver on a high port like 8080 is that running on a port higher than 1000 does not require root privileges, so when the application is compromised the intruder will only get the privileges of the user running that server.
>
> Having said that, most servers are able to drop root privileges after they established connecting to the port (e.g. 80) so again an intruder will only get the privileges of an unprivileged user.
>
> If the server is not able to drop privileges it is a VERY good idea to run it on a high port and proxy it by a server which is able to do this.

IMHO jail and SELinux are meant to provide additional security or to secure a server you have to run as root and cannot be proxied (like DNS, DHCP, TFTP, ...) and not as a replacement for a sane setup. Apart from that SELinux can be quite a pita to configure - so this is not for the uninitiated.

On Thu, Feb 17, 2011 at 9:08 AM, Okechukwu <okechukwu@gmail.com> wrote:
> Jail & SELinux does all this for you :-)
>
> ./Ok3ch
-- Best Regards,

SELinux is an animal - but when nicely tamed, can do wonders. The concept of a system protecting itself against itself will for sure eliminate any root privilege issues.

./Ok3ch

On Thu, Feb 17, 2011 at 9:55 AM, Christian Ledermann <christian.ledermann@gmail.com> wrote:
> IMHO jail and SELinux are meant to provide additional security or to secure a server you have to run as root and cannot be proxied (like DNS, DHCP, TFTP, ...) and not as a replacement for a sane setup. Apart from that SELinux can be quite a pita to configure - so this is not for the uninitiated.
participants (5)
- Christian Ledermann
- Gichuki John Chuksjonia
- Odhiambo Washington
- Okechukwu
- wesley kirinya