PID hackable from an open port?

  1. #1
    Junior Member
    Join Date
    Aug 2002
    Posts
    25

    PID hackable from an open port?

    Hi there,

    I recently got into a discussion with a friend on the insecurities of Win2k. He told me that if you have an open port and know the PID of a service, you can essentially take over that process. I had always been under the assumption that a port is tied to a service so only that service could be hacked, but nothing else. I know that MS has its security problems but that seemed a bit too easy. If you think about it, it's not very difficult to find an open port on a server and the system process is always 8. With that knowledge no Win2k server would be secure. Please help? Thanks.


  2. #2
    Member
    Join Date
    Oct 2002
    Posts
    64
    I am fairly sure no such "master" Win2k vulnerability exists. Only vulnerable services can be compromised. If you don't want this problem at all get a real operating system, OpenBSD.

  3. #3
    Jaded Network Admin nebulus200
    Join Date
    Jun 2002
    Posts
    1,356
    I think your friend is referring to a design flaw in Windows that was heavily discussed a few months ago. The way I understood the discussion is that the way message passing is done in Windows it could allow an unprivileged user privileged access by monkeying with the message passing interface. In other words, it is to my knowledge, a privilege escalation attack, not necessarily a remote attack.

    Found part of the discussion here:

    http://online.securityfocus.com/arch...4/2002-07-10/0 (one of the discussions floating around)

    http://www.isg.rhul.ac.uk/~simos/event_demo/ (the 'white paper' or 'demo' of the proof of concept).

    /Nebulus
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  4. #4
    Junior Member
    Join Date
    Aug 2002
    Posts
    25
    Interesting links, but I'm not sure if that's what he was talking about. I'm sure he was talking about a remote attack.
    Love is the only reality of the world, because it is all One, you see. And the only laws are paradox, humor, and change. There is no problem, never was, never will be. Release your struggle, let go of your mind, throw away your concerns, and relax into the world.

    Dan Millman, The Way of The Peaceful Warrior
