[PLUG] Security of Knoppix?
Keith Lofstrom
keithl at kl-ic.com
Mon Aug 16 19:37:01 UTC 2004
I just told someone that boot-from-CD Knoppix is pretty secure from
network attack (if not silly-user-enabled attack). Then it occured to
me that I wasn't really sure. When I boot a knoppix 3.4 CD on a box,
dhcp'ing onto my internal net, then nmap it, I see these two ports open:
68/tcp open dhcpclient
6000/tcp open X11
The first is for renewing dhcp leases, the second is for X11, which
starts up with /etc/X11/xinit/xserverrc set to -nolisten .
This seems to leave the machine close to bulletproof. Of course, if
a blackhat somehow manages to get in, they can run rampant on the
(non-executable) hard drive, and in general do difficult tweaks to
the runtime environment and the programs that are running in RAM.
They might even snag the user's passwords with a keyboard monitor
program (though a man-in-the-middle attack seems more likely). But in
general, a Knoppix on a CD seems like a pretty difficult target to
attack, compared to a writeable system offering services to the world.
Especially if that is some breed of windoze ...
Am I missing something? Have there been any recent Knoppix security
compromises?
Keith
--
Keith Lofstrom keithl at ieee.org Voice (503)-520-1993
KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon"
Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
More information about the PLUG
mailing list