H, On Sat, 18 Jul 2015 06:47:21 +0300 Nikos Chantziaras wrote: > > The problem I (possibly needless) see is: While I am tinkering and > > testing the configuration I may setup an open Wifi access point > > without noticing it in first glance and > > BANG! get hacked ... in the worst case: unrecognized... > > > > What is the "best practice" here? > > Is there a certain independant configuration, which I can set, > > which prevents this scenario? > > > > Thank you very much in advance for any help! > > Best regards, > > Meino > > > > PS: If one knows the ASUS Memo Pad 7 ME176CX and knows a > > way to locally connect this tablet to the internet...this > > would be a way to go also. I would appreciate any hint in > > this case (Using Lollipop 5.0). > > If you don't have any daemons running that provide network services > (have opened listen ports), you can't get hacked. This is usually a > problem for Windows, which by default has a gazillion of services > running (NetBIOS, printer/media/filesystem/everything sharing, > messaging, remote desktop, etc.) > > On Gentoo, if *you* didn't set up a service, then nothing is listening > on the network.
Yes and no. If user enabled network interface and has no network daemons running, kernel still listens to that interface (ARP, icmp and so on) and may be hacked using vulnerabilities in network stack, protocol handlers or even network device drivers. By default Gentoo has no interfaces enabled, but usually they are set up during initial install. And users may be unaware that even without any network applications they may be vulnerable with enabled interfaces. Proper configuration of kernel, especially iproute2 and iptables can minimize such risks, of course. Best regards, Andrew Savchenko
pgpKQ3DbwKSv3.pgp
Description: PGP signature
