clearguy

Question on security with TCP


clearguy

Hi,

I'm wondering if TCP can permit hacking. I'm sure that when I'm using a server with a simple, not 'secured' script, someone could hack me, couldn't they?

I wrote a server that checks login credentials, and when the password or login is incorrect, the client doesn't get a 'connection'.

But in fact, only the variable which got the TCPAccept(...) result gets set to -1. I care about that TCP connection which was accepted: is it still active? Can someone intrude into my computer using this open port?

The server is from this topic: http://www.autoitscript.com/forum/index.ph...c=35037&hl=

lod3n

Open ports are what make networks work, so don't be fearful of them.

Hacking through a port requires an understanding of what's listening and acting on the other side. If you know that the application listening to that port can be tricked into running arbitrary code by, say, overflowing its buffers with a particular set of characters, then you can hack it.

Therefore, if you are very worried about someone compromising your server, develop some very strict rules about what kind of input gets processed, and what kind gets ignored. If you're worried about inherent buffer overflow vulnerabilities in AutoIt (if any), trim the input down to a minimum size. Use regex to validate the input, so only A-Z, a-z and 0-9 get processed. Only accept connections from a range of IPs you deem safe. Log connections and what they are doing, and by god, review and understand those logs.

You get the idea.
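
The input rules from the reply above, written out in AutoIt as an added example that is not from either poster: it caps the read size, accepts only A-Z, a-z and 0-9, logs each decision, and closes the accepted socket when it is done. The port, length limit, log path and the one-token-per-connection message format are assumptions; the IP allow-list is left out.

```autoit
; Added example, not from the thread. $PORT, $MAX_LEN, $LOG_FILE and the
; "one alphanumeric token per connection" format are assumptions.
Global Const $PORT = 33891
Global Const $MAX_LEN = 32
Global Const $LOG_FILE = @ScriptDir & "\connections.log"

; True only for 1..$MAX_LEN characters from A-Z, a-z, 0-9.
; \A and \z anchor the whole string, so a trailing newline is rejected too.
Func _IsCleanInput($sInput)
    If StringLen($sInput) < 1 Or StringLen($sInput) > $MAX_LEN Then Return False
    Return StringRegExp($sInput, "\A[A-Za-z0-9]+\z") = 1
EndFunc

Func _Log($sMsg)
    Local $sStamp = @YEAR & "-" & @MON & "-" & @MDAY & " " & @HOUR & ":" & @MIN & ":" & @SEC
    FileWriteLine($LOG_FILE, $sStamp & " " & $sMsg)
EndFunc

; Read one message from an accepted socket, validate it, then always close the socket.
Func _HandleClient($hSocket)
    Local $hTimer = TimerInit(), $sData = ""
    ; Ask for one character more than allowed so oversized input is detectable.
    While $sData = "" And TimerDiff($hTimer) < 5000
        $sData = TCPRecv($hSocket, $MAX_LEN + 1)
        If @error Then ExitLoop ; peer disconnected
        Sleep(10)
    WEnd
    If _IsCleanInput($sData) Then
        _Log("socket " & $hSocket & " accepted input, length " & StringLen($sData))
        ; The login check would receive $sData here.
    Else
        ; Log the length only: writing raw rejected bytes would let a client forge log lines.
        _Log("socket " & $hSocket & " rejected input, length " & StringLen($sData))
    EndIf
    TCPCloseSocket($hSocket) ; the accepted connection stays open until this call
EndFunc

TCPStartup()
Global $hListen = TCPListen("127.0.0.1", $PORT), $hClient
If $hListen = -1 Or $hListen = 0 Then Exit 1
While 1
    $hClient = TCPAccept($hListen) ; -1 means no client is waiting
    If $hClient <> -1 Then _HandleClient($hClient)
    Sleep(50)
WEnd
```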

