I have an old laptop with far too little RAM to run Linux (including specialty d

Question

I have an old laptop with far too little RAM to run Linux (including specialty distributions). It can however run Windows 98 just fine, and I'm looking into turning it into a tiny retro webserver.

Is it possible to keep an old operating system webserver from being hacked? All I'm looking for is a simple port 80 static website with no over-the-web administration abilities.

I have no significant experience with security, or exploiting security holes. So I'm not sure where to look. Can a DOS/WIN95/WIN98 box be exploited if all it does is respond to simple HTTP requests?

Explanation / Answer

Probably not. In order to respond to HTTP requests, the operating system must be able to run a TCP/IP stack, process packets, and complete a TCP handshake, all requiring the system to utilize or spawn threads in memory, call libraries, etc. Therefore, the system would still be susceptible to protocol attacks it may not be patched for (TCP sequence prediction is one that comes to mind for a web server that might run on Win98).

You could compile and run a modern server like nginx or Apache (probably would have to heavily modify it, as it won't run on Win98 out of the box), but older operating systems being on a network are inherently prone to network probing and network attacks. Even if TCP 80 were port forwarded through a firewall, the web server process would still be running inside of a system lacking modern protections like DEP, ASLR, etc.

Related Questions

Navigate

• Browse (All)
• Browse I
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.