Security question concerning port security and SSH.


Post by Siza » Fri, 20 Jul 2001 03:45:06



I'm developing a program for people around my office to use; it
communicates over TCP and someone brought up security issues.  Right now
we have two different opinions on how to settle this and I was hoping
someone here could clear things up a little.  The program is two parts: a
perl script on a remote machine that accepts one argument, then opens up a
TCP connection to my local computer over some port of my choosing and
conveys this one argument to an application I have listening on my
computer to that port.  The application then processes this argument and
sends it onto another application to use.  The concern now is that someone
could port-scan the local computer, and flood my port with information
which in turn would make my application flood the other application
it's communicating with, making it useless.
My coworkers' suggestion is to instead have the script on the remote
machine open a SSH session to my local computer and just run another PERL
script that communicates to the final application, then close and re-open
the session every time.  My idea is to use my current script but add a
variable that contains a 10 digit number, then pass this number along with
the original argument.  The listening application on my local machine also
knows this special number and will only listen to requests that pass this
number.  Nobody else can find out this number because the script on the
remote machine will have 700 permissions, and I'll set the number after
the permissions are set to 700.  Granted someone could hack into the
remote machine as me, but that would be a whole other world of issues.
I want to do it my way because not only will it be virtually no extra
development time (like 5 mins to add the extra argument), where the other
way would require rewriting the sending script and creating a listening
script.  But also because as it is now just sending data over this TCP
port it takes all of 2 seconds from start to finish, if I had to open a
SSH session every time I'm sure it would increase the time.
I see no difference between having my port (say 5938) only listen to
certain messages, and the SSH host (21 or whatever) which also will only
listen to a message that has been security checked.  In fact, the only way
my solution would fail (besides someone finding out the number) is if they
just attacked the port with brute force, but the SSH port would fail in
the same situation.  I feel that the other solution is spawned from a
general trust in the security of SSH, but I don't need this data
encrypted, which is the big deal of SSH, so I would have to put up with
the overhead of SSH but not really use it.

Any opinions would be appreciated.


Post by Daniel Polomb » Fri, 20 Jul 2001 17:46:09



> My idea is to use my current script but add a
> variable that contains a 10 digit number, then pass this number along with
> the original argument.  The listening application on my local machine also
> knows this special number and will only listen to requests that pass this
> number.  Nobody else can find out this number because the script on the
> remote machine will have 700 permissions, and I'll set the number after
> the permissions are set to 700.  Granted someone could hack into the
> remote machine as me, but that would be a whole other world of issues.

Since you seem to be sending the data in cleartext, anyone sniffing the
network between the remote machine and your own can see the shared
secret. So much for the added security.


Post by Colin McKinno » Fri, 20 Jul 2001 21:27:06



> My coworkers' suggestion is to instead have the script on the remote
> machine open a SSH session to my local computer and just run another PERL
> script that communicates to the final application, then close and re-open
> the session every time.

Wouldn't tunneling the existing transmission through ssh be simpler?

> My idea is to use my current script but add a
> variable that contains a 10 digit number, then pass this number along with
> the original argument.  The listening application on my local machine also
> knows this special number and will only listen to requests that pass this
> number.  Nobody else can find out this number because the script on the
> remote machine will have 700 permissions, and I'll set the number after
> the permissions are set to 700.  Granted someone could hack into the
> remote machine as me, but that would be a whole other world of issues.

Or use a packet sniffer, get your 10 digit number and abuse your software
for as long as it takes you to find out.

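As an alternative to SSH, why not create a one time password instead of a
static shared secret. This can be really easy using stored data and random
data, send the random key and the password to the remote system...
e.g. (in bash)
STOREDKEY=`cat /some/secret/file`
# 20 printable (hex) characters of random data, always full length
RANDOMKEY=`head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n' | cut -b1-20`
PASSWORD=`echo "$STOREDKEY$RANDOMKEY" | md5sum`
# send the random key followed by the hash, never the stored key itself
PASSWORD="$RANDOMKEY$PASSWORD"

and at the other end......
STOREDKEY=`cat /some/secret/file`
read -r SENTPASSWORD
# the first 20 characters are the sender's random key
RANDOMKEY=`echo "$SENTPASSWORD" | cut -b1-20`
MYPASSWORD=`echo "$STOREDKEY$RANDOMKEY" | md5sum`
# rebuild the full string so it can be compared with SENTPASSWORD
MYPASSWORD="$RANDOMKEY$MYPASSWORD"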

Then if SENTPASSWORD and MYPASSWORD match all is well.

HTH

Colin
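
The one-time-password idea above, carried a step further as an added example (not code from any poster in this thread): here the listener issues the random value, each value is accepted once, and the argument itself is covered by an HMAC-SHA256 tag, so a sniffed message cannot be replayed or altered. The names `Listener`, `make_tag` and `demo`, the key and the sample arguments are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets


def make_tag(key: bytes, nonce: str, argument: str) -> str:
    """Tag binding the argument to one listener-issued nonce."""
    # The nonce is hex, so the NUL separator keeps the two fields unambiguous.
    msg = nonce.encode() + b"\x00" + argument.encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class Listener:
    """Receiving side: hands out nonces and checks each reply exactly once."""

    def __init__(self, key: bytes):
        self._key = key
        self._pending = set()  # nonces issued but not yet answered

    def challenge(self) -> str:
        nonce = secrets.token_hex(16)
        self._pending.add(nonce)
        return nonce

    def accept(self, nonce: str, argument: str, tag: str) -> bool:
        if nonce not in self._pending:
            return False  # unknown or already-used nonce: replay or guess
        self._pending.discard(nonce)  # single use, even if the tag is wrong
        expected = make_tag(self._key, nonce, argument)
        # Constant-time comparison avoids leaking how many characters matched.
        return hmac.compare_digest(expected.encode(), tag.encode())


def demo():
    key = secrets.token_bytes(32)  # constructed key, shared out of band
    listener = Listener(key)

    nonce = listener.challenge()
    tag = make_tag(key, nonce, "job-42")  # what the remote script sends
    first = listener.accept(nonce, "job-42", tag)
    replay = listener.accept(nonce, "job-42", tag)  # sniffed copy, resent

    nonce2 = listener.challenge()
    stale_tag = make_tag(key, nonce2, "job-42")
    tampered = listener.accept(nonce2, "job-43", stale_tag)  # argument changed
    return first, replay, tampered


if __name__ == "__main__":
    print(demo())
```

This authenticates requests but does not encrypt them, and it does nothing to limit how many connections reach the port.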


1. security concern on port 111?

Hi,

I have a network that I admin that I get logchecker entries from.

There seems to be a consistent lot of Destination ports going to port 111.
It seems that this is trying to send info from 'hacker' IP's to that port
(is that correct?) coming from source ports over 1024.
Should I be worried about people trying to get in on port 111 (IPX on IP
according to /etc/services)

I'm a little worried about people getting info about our system from
responses.

PS: Does portsentry correctly deny all ports not open? I've heard that it
just sends all non-open ports to /dev/null (or equivalent). Is this correct?

Regards,

Jason Brisbane
Sys Admin
