Yahoo Answers is shutting down on May 4th, 2021 (Eastern Time) and beginning April 20th, 2021 (Eastern Time) the Yahoo Answers website will be in read-only mode. There will be no changes to other Yahoo properties or services, or your Yahoo account. You can find more information about the Yahoo Answers shutdown and how to download your data on this help page.
Trending News
Would this stop almost all buffer overflow and related hacker attacks on a network HELP?
So exploits are used all the time by hackers against a running web service like an FTP server, web server etc. etc. MY question is say you're running a small network that has some FTP servers running on port 21 for whatever reason.
IF you are running an open source FTP server or even a closed source popular FTP server there's a huge chance a hacker(s) can get a hold of the source code and find vulnerabilities to try and exploit so as to gain access to the machine right? Right! No mystery there.
Now say instead of installing someone ELSE'S FTP server I create program and code MY OWN FTP SERVER PROGRAM just especially for that small network. The ftp server hypothetically isn't used anywhere else and isn't distributed .
Since a hacker wouldn't have access to the source code OR EVEN THE BINARIES, wouldn't that technically mean that a hacker would have a very hard to impossible time trying to exploit that service running?
Someone talk about this? lol
1 Answer
- 10 years agoFavorite Answer
No, This is referred to as Security by obscurity in the computer industry and is highly frowned upon
An open source FTP client would be referred to as 'security by visibility'
Although there may well be exploits published on open source client, you have the advantage of many hundreds, thousands of users continually testing and reviewing the code, and you have both black hat and white hat hackers trying to exploit the program. There are numerous security updates that fix any attacks against the program. So it's almost proven to be stable over the course of time, of course there will always be more attacks but assuming you use the latest version and common sense you will be protected
If you use your own custom written FTP server, you will not have those above advantages, there's no way you can compete.. ..so you will have many more holes that are going to be ripe to be attacked, even though you can't see the source code you can still get an idea of what to do to comprise it.,. It will be much EASIER to execute buffer overflows on simple programs such as yours
A skilled hacker knows enough information about FTP protocol and gaining entry to try some obvious things that are common with FTP in general first and your program won't be prepared for this as it hasn't been hardened
For other programs the only advantage is the attacker hasn't seen this before, but for FTP it won't help you,, it's generally always considered a bad idea
Source(s): http://www.techrepublic.com/article/security-throu... http://en.wikipedia.org/wiki/Security_through_obsc... http://programmers.stackexchange.com/questions/519...