[PLUG] Security of Knoppix?

Keith Lofstrom keithl at kl-ic.com
Mon Aug 16 19:37:01 UTC 2004


I just told someone that boot-from-CD Knoppix is pretty secure from
network attack (if not silly-user-enabled attack).  Then it occured to
me that I wasn't really sure.  When I boot a knoppix 3.4 CD on a box,
dhcp'ing onto my internal net, then nmap it, I see these two ports open:

68/tcp    open  dhcpclient
6000/tcp  open  X11

The first is for renewing dhcp leases, the second is for X11, which
starts up with /etc/X11/xinit/xserverrc set to  -nolisten .

This seems to leave the machine close to bulletproof.  Of course, if
a blackhat somehow manages to get in, they can run rampant on the
(non-executable) hard drive, and in general do difficult tweaks to
the runtime environment and the programs that are running in RAM. 
They might even snag the user's passwords with a keyboard monitor
program (though a man-in-the-middle attack seems more likely).  But in
general, a Knoppix on a CD seems like a pretty difficult target to
attack, compared to a writeable system offering services to the world. 
Especially if that is some breed of windoze ...

Am I missing something?  Have there been any recent Knoppix security
compromises?  

Keith

-- 
Keith Lofstrom           keithl at ieee.org         Voice (503)-520-1993
KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon"
Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs




More information about the PLUG mailing list