Services used by network administrators to directly manage remote hosts over TCP/IP (e.g., SSH, Telnet, VNC, and others) are threatened by three categories of attack:
An online bank may be running the Telnet service on its Internet routers for administrative purposes. This service may not be vulnerable to information leak or process-manipulation attacks, but a determined attacker can launch a brute-force attack against the service to gain access. Brute force is an increasingly popular attack vector for attackers attempting to break moderately secure networks. I have derived this list of common remote maintenance services from the /etc/services file: ssh 22/tcp telnet 23/tcp exec 512/tcp login 513/tcp shell 514/tcp x11 6000/tcp citrix-ica 1494/tcp ms-rdp 3389/tcp vnc-http 5800/tcp vnc 5900/tcp
|