Sign in to follow this  
Followers 0
clearguy

Question on security with TCP

3 posts in this topic

Hi,

I'm wondering if TCP can permit hacking, I'm sure when I'm using a server with simple not 'securised' script someone could hack me , isn't it?

I wrote a server that checks login credentials and when the password or login are incorrect, the client doesn't get 'connection'.

But in fact only the variable which got TCPAccept(...) gets equal to -1. I'm carrying about that TCP which was accepted, it is still active? Can someone intrude in my computer using this open port?

Server is from this topic=> http://www.autoitscript.com/forum/index.ph...c=35037&hl=

Share this post


Link to post
Share on other sites



Open ports are what make networks work, so don't be fearful of them.

Hacking through a port requires an understanding of what's listening and acting on the other side. If you know that the application listening to that port can be tricked into running arbitrary code by, say, overflowing it's buffers with a particular set of characters, then you can hack it.

Therefore, if you are very worried about someone compromising your server, develop some very strict rules about what kind of input gets processed, and what kind gets ignored. If you're worried about inherent buffer overflow vulerabilities in AutoIt (if any) trim the input down to a minimum size. Use regex to validate the input, so only A-Z,a-z and 0-9 get processed. Only accept connection from a range of IPs you deem safe. Log connections and what they are doing, and by god, review and understand those logs.

You get the idea.


[font="Fixedsys"][list][*]All of my AutoIt Example Scripts[*]http://saneasylum.com[/list][/font]

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0