On 03.04.2015 at 21:58, Matthias Apitz wrote:
> On Friday, April 03, 2015 at 09:47:33PM +0200, Michał Sawicz wrote:
>
>>>> Isn't not listening on any outside port better than putting a firewall
>>>> on the device? If you find a service that is actually listening on the
>>>> device, that'd definitely be a bug that needs fixing.
>>>
>>> The device is at least (after enabling SSH) listening on port 22.
>>
>> Yes, after enabling it, which is a developer thing to do.
>
> Yes, but after enabling this, it is always there; and even in dev mode
> it could be protected by some access-list, or firewall;

Not a priority for a phone that still lacks a bit of normal user features I'd say. As a more tech-y person you can easily use iptables to do this on your phone. Not supported, so YMMV.

>>>> Can you describe an attack vector you're imagining that would require
>>>> a firewall to be installed on the device?
>>>
>>> The above mentioned port 22 and any other any app may LISTEN on.
>>
>> Apps are confined, they can not open ports to listen on.
>
> I did not know this, that apps can not open any LISTEN.

See the wiki for some details, although that does not speak of listening in particular.

https://wiki.ubuntu.com/SecurityTeam/Specifications/ApplicationConfinement

> And, what about DSO attacks?

You mean DoS? Maybe I'm out of my depth here, but if the packets are just dropped because there's nothing listening on a port, isn't that the best prevention of DoS?

--
Michał Sawicz <michal.saw...@canonical.com>
Canonical Ltd.
--
Mailing list: https://launchpad.net/~ubuntu-phone
Post to     : ubuntu-phone@lists.launchpad.net
Unsubscribe : https://launchpad.net/~ubuntu-phone
More help   : https://help.launchpad.net/ListHelp