El 10/8/25 a las 23:39, Grant Edwards escribió:
On 2025-08-10, Javier Martinez <[email protected]> wrote:PD: nc -l myip myultracriticalport breaks your countermeasure of using proc to avoid port use (ip_local_reserved_ports)You can not run "nc -l myip myultracriticalport" on the system in question.is part of the solution, not the solution itself. You need iptables in all cases.No, I do not. -- Grant
You can do this: Create iptable rule that allows using this port for one user with -m ownerIf it's not this user who is trying to use the port, use LOG with a concrete string with a DROP default policy. Instruct syslog-ng with a rule using the "concrete string" to write a file monitored by inotify that execs one script that locates the offending command and kills it.
If not any troll with access to anything can use any port over 1024
OpenPGP_0x57E64E0B7FC3BEDF.asc
Description: OpenPGP public key
OpenPGP_signature.asc
Description: OpenPGP digital signature

