El 10/8/25 a las 23:39, Grant Edwards escribió:
On 2025-08-10, Javier Martinez <[email protected]> wrote:

PD: nc -l myip myultracriticalport breaks your countermeasure of
using proc to avoid port use (ip_local_reserved_ports)

You can not run "nc -l myip myultracriticalport" on the system in
question.

is part of the solution, not the solution itself. You need iptables
in all cases.

No, I do not.

--
Grant








You can do this:

Create iptable rule that allows using this port for one user with -m owner
If it's not this user who is trying to use the port, use LOG with a concrete string with a DROP default policy. Instruct syslog-ng with a rule using the "concrete string" to write a file monitored by inotify that execs one script that locates the offending command and kills it.

If not any troll with access to anything can use any port over 1024

Attachment: OpenPGP_0x57E64E0B7FC3BEDF.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature.asc
Description: OpenPGP digital signature

Reply via email to