-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sat, Apr 01, 2017 at 01:00:45AM +1300, cbannis...@slingshot.co.nz wrote:

[...]

> My understanding is that if there are no services listening on a port then
> it cannot be accessed.
>
> e.g.
>
> http://serverfault.com/questions/733633/if-no-service-is-listening-on-a-port-can-a-system-still-be-accessed-using-that-p
>
> Am I missing something?

As Dominik said: it's "defense in depth". If your PHP^H^H^H web
application has some code injection issue, your adversary might well
install a C&C server listening on that port, and work from there on
(exfiltrate data, try some privilege escalation, whatever).

Now there might be other avenues for that, but security is about
closing the avenue your adversary is going to use next ;-)

regards
- -- tomás
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEUEARECAAYFAljeSPwACgkQBcgs9XrR2kZccACSAtp4XjR4TifCMA1+Ip/j+oM0
wQCfe9snMu/5hvDCXb+5joez/4iPDQ4=
=5oco
-----END PGP SIGNATURE-----
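
The defense-in-depth point above, as an added example that is not part of the original message: a small audit that lists listening TCP sockets from `/proc/net/tcp`-format text, flags any listener that is not an expected service, and reports whether a default-deny inbound allowlist would still keep it unreachable. The sample data, the port sets and the function names `parse_listeners` and `audit` are assumptions made for illustration.

```python
import socket
import struct

# Constructed sample in Linux /proc/net/tcp format (not from a real host).
# Listeners: 0.0.0.0:80, 127.0.0.1:3306, and a new one on 0.0.0.0:4444 owned
# by uid 33 (the web server account in this constructed scenario).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000   109        0 1002 1
   2: 00000000:115C 00000000:0000 0A 00000000:00000000 00:00000000 00000000    33        0 1003 1
   3: 0A00000A:0050 1400000A:C350 01 00000000:00000000 00:00000000 00000000    33        0 1004 1
"""
TCP_LISTEN = "0A"  # socket state code for LISTEN in /proc/net/tcp


def parse_listeners(text):
    """Return (ip, port, uid) for every IPv4 socket in LISTEN state."""
    listeners = []
    for line in text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 8 or fields[3] != TCP_LISTEN:
            continue
        hex_ip, hex_port = fields[1].split(":")
        # Assumption: little-endian host, so the address word is byte-swapped.
        ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
        listeners.append((ip, int(hex_port, 16), int(fields[7])))
    return listeners


def audit(listeners, expected_ports, firewall_allowed):
    """Flag listeners on ports outside expected_ports.

    firewall_allowed is the set of inbound ports a default-deny firewall
    lets through, or None when there is no inbound filtering at all.
    """
    findings = []
    for ip, port, uid in listeners:
        if port in expected_ports:
            continue
        loopback = ip.startswith("127.")
        open_in_fw = firewall_allowed is None or port in firewall_allowed
        findings.append({"ip": ip, "port": port, "uid": uid,
                         "reachable": open_in_fw and not loopback})
    return findings


if __name__ == "__main__":
    found = parse_listeners(SAMPLE)
    print("no firewall:  ", audit(found, {80, 3306}, None))
    print("default-deny: ", audit(found, {80, 3306}, {22, 80, 443}))
```

On a live Linux host the same functions can be fed the contents of `/proc/net/tcp`; IPv6 listeners live in `/proc/net/tcp6` and are not parsed here.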