Re: [Openjnlp-devel] Another update on Elvis

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

On Saturday, April 27, 2002, at 03:20 , Christopher Heiny wrote:
[...]
> For additional paranoia, the Elvis port is chosen semi-randomly, by 
> adding a
> random offset to a base port number supplied by the client..  This 
> should
> make port guessing by an attacker difficult, except that the port 
> number is
> stored in the same vulnerable directory mentioned above (and can be 
> fixed in
> the same way).

This sounds good, but isn't necessarily. It's pretty simple to just run 
"netstat -a" to see what ports are being listened to. And if you're 
listening only on 127.0.0.1 it's even more obvious, since there are so 
few things restricted to 127.0.0.1. This falls into the "security by 
obscurity" category and seems more secure than it actually is. I'm not 
saying it's a bad thing to do, but I'd recommend focusing more on secure 
message passing.

> Right now, if Elvis receives a connection attempt from a machine other 
> than
> the local host, he decides that he's under attack and exits immediately.

Is Elvis listening on 127.0.0.1 only? If so, there is no way a 
connection can come from anywhere than 127.0.0.1. Well, okay, 
technically maybe any interface on the current machine but certainly not 
an interface from a different machine.