Sign in with
Sign up | Sign in
Your question

What if no firewall when using eDonkey or Kazaa?

Last response: in Networking
Share
Anonymous
a b 8 Security
May 14, 2004 1:31:32 PM

Archived from groups: alt.internet.p2p,comp.security.misc,alt.computer.security,comp.security.firewalls (More info?)

I found I had left my firewall disabled by mistake.

I have been running my Overnet (file sharing) software for about 24
hours. What risks have I been taking?

Is it really necessary to always run a firewall when using file
sharing applications like Overnet, eDonkey or Kazaa?

More about : firewall edonkey kazaa

Anonymous
a b 8 Security
May 14, 2004 4:12:23 PM

Archived from groups: alt.internet.p2p,comp.security.misc,alt.computer.security,comp.security.firewalls (More info?)

Piotr Makley wrote:

> I found I had left my firewall disabled by mistake.
>
> I have been running my Overnet (file sharing) software for about 24
> hours. What risks have I been taking?
>
> Is it really necessary to always run a firewall when using file
> sharing applications like Overnet, eDonkey or Kazaa?
Hi,

this has nothing to do with kazaa and so on, because these deamons you
expose to the internet anyways. It depends which other services you have
running on your external interface. If there is a nfs server running, and
you don't have a ip range set, you have a high risk. If you turn of all
deamons except your file sharing deamons, no firewall is necessary at all.

Regards, Alex
Anonymous
a b 8 Security
May 14, 2004 6:30:17 PM

Archived from groups: alt.internet.p2p,comp.security.misc,alt.computer.security,comp.security.firewalls (More info?)

"Piotr Makley" <pmakley@mail.com> wrote in message
news:16bc089333b6df4be2c045572dc1a5fc@news.teranews.com...
> I found I had left my firewall disabled by mistake.
>
> I have been running my Overnet (file sharing) software for about 24
> hours. What risks have I been taking?
>
> Is it really necessary to always run a firewall when using file
> sharing applications like Overnet, eDonkey or Kazaa?

Running a software firewall is just a really good idea, but if your system
is up to date on all the MS patches, you are likely just fine following this
24-hour lapse. During that period of time however, you were visible online
to every script kiddie with a port scanner. If you want to see how
vulnerable (or not) your system is with the firewall disabled, visit
http://www.grc.com and click on "Shields U&p" for a very quick and thorough
(but completely harmless) scan of your system. Do it twice- once with your
firewall disabled and then once with it enabled, just for the sake of
comparison.

Regards,
Ian.
Related resources
Can't find your answer ? Ask !
Anonymous
a b 8 Security
May 14, 2004 10:32:25 PM

Archived from groups: alt.internet.p2p,comp.security.misc,alt.computer.security,comp.security.firewalls (More info?)

Piotr Makley wrote:

> I found I had left my firewall disabled by mistake.
>
> I have been running my Overnet (file sharing) software for about 24
> hours. What risks have I been taking?
>
> Is it really necessary to always run a firewall when using file
> sharing applications like Overnet, eDonkey or Kazaa?
>

I say the two are separate issues, firewalls are trained to allow
programs to send and receive packets by you so you can tell your
firewall to allow Kazaa etc to run through the firewall. Of course these
act as server software and can be very dangerous since you allow things
to come through your firewall without you initiating the request if you
allow uploading. Kazaa checks for viruses worms and trojans, I do not
know if Overnet does. Your AV will probably scan the file also.

Without a firewall you are wide open, not just the apps you allow to go
through the firewall but to everything attempting to access your system.

g-w
Anonymous
a b 8 Security
May 15, 2004 12:13:17 AM

Archived from groups: alt.internet.p2p,comp.security.misc,alt.computer.security,comp.security.firewalls (More info?)

"Piotr Makley" <pmakley@mail.com> wrote in message
news:16bc089333b6df4be2c045572dc1a5fc@news.teranews.com...
> I found I had left my firewall disabled by mistake.
>
> I have been running my Overnet (file sharing) software for about 24
> hours. What risks have I been taking?
>
> Is it really necessary to always run a firewall when using file
> sharing applications like Overnet, eDonkey or Kazaa?
>
Hi, I think I would scan my computer with the AV, Spybot S&D, and
AdAware, after I enabled my Firewall. I'd go to grc.com and scan with
Shield'sUp port scanner to make sure my firewall was still protecting
the computer.

If you're connected to the Internet, you need a firewall.

charlie R
Anonymous
a b 8 Security
May 15, 2004 12:28:37 AM

Archived from groups: alt.internet.p2p,comp.security.misc,alt.computer.security,comp.security.firewalls (More info?)

"Jim Grimmett" <cssjwg@bath.ac.uk> wrote:

> "Piotr Makley" <pmakley@mail.com> wrote:
>>
>> Is it really necessary to always run a firewall when using
>> file sharing applications like Overnet, eDonkey or Kazaa?
>
> I'd shorten this to "Q:Is it really necessary to always run a
> firewall"
>
> A: Yes.


Then the next short question is .... why?



[groups restored]
Anonymous
a b 8 Security
May 15, 2004 12:28:38 AM

Archived from groups: alt.internet.p2p,comp.security.misc,alt.computer.security,comp.security.firewalls (More info?)

Piotr Makley schrieb:
> "Jim Grimmett" <cssjwg@bath.ac.uk> wrote:
>>"Piotr Makley" <pmakley@mail.com> wrote:
>>>Is it really necessary to always run a firewall when using
>>>file sharing applications like Overnet, eDonkey or Kazaa?
>>
>>I'd shorten this to "Q:Is it really necessary to always run a
>>firewall"
>>
>>A: Yes.
>
> Then the next short question is .... why?

Well, I would say: no. It is not always necessary. It is necessary if
you have services running on your computer that listen on ports of the
interface connected to the internet but that you don't want to be
accesible from the internet. Which then leads to the question: why would
you have the service running like that in the first place?

So my answer is "no": if you shutdown all unnecessary services on your
computer that usually listen to the network or at least do not bind them
to the interface connected to the internet then you are perfectly
safe. The risks you take when using any of the file sharing applications
then remain the same with or without firewall because only those
applications will listen to the internet (i.a.w. the firewall would have
nothing to do in this scenario...)

Gerald
May 15, 2004 6:06:30 AM

Archived from groups: alt.internet.p2p,comp.security.misc,alt.computer.security,comp.security.firewalls (More info?)

"charlie R" <welpctSKIPME@psci.net> wrote in message news:<c83qs4$qmj$1@pscinews.psci.net>...
>
> If you're connected to the Internet, you need a firewall.
>

i agree. if msblaster and sasser aren't good enough arguments for
having a firewall, i don't know what is.
Anonymous
a b 8 Security
May 15, 2004 3:59:46 PM

Archived from groups: alt.internet.p2p,comp.security.misc,alt.computer.security,comp.security.firewalls (More info?)

On 15 May 2004 02:06:30 -0700, mikemurray77@hotmail.com (miner) wrote:

>> If you're connected to the Internet, you need a firewall.
>>
>
>i agree. if msblaster and sasser aren't good enough arguments for
>having a firewall, i don't know what is.

They are good arguments for protecting yourself. We've been
discussing whether a firewall is a necessary part of this protection.
May 15, 2004 3:59:47 PM

Archived from groups: alt.internet.p2p,comp.security.misc,alt.computer.security,comp.security.firewalls (More info?)

On Sat, 15 May 2004 11:59:46 +0100, Laurence Payne
<l@laurenceDELETEpayne.freeserve.co.uk> wrote:

>On 15 May 2004 02:06:30 -0700, mikemurray77@hotmail.com (miner) wrote:
>
>>> If you're connected to the Internet, you need a firewall.
>>>
>>
>>i agree. if msblaster and sasser aren't good enough arguments for
>>having a firewall, i don't know what is.
>
>They are good arguments for protecting yourself. We've been
>discussing whether a firewall is a necessary part of this protection.

A firewall is part of a layered defense. Since all layers are
reactive, and depend upon alerts and updates provided by the "good
guys", IMHO, every layer is essential.

Firewall (hardware and/or software based).
AntiVirus (real-time and periodic scans).
AntiSpyware/Trojan (real-time and periodic scans).
System Security Updates (Microsoft and others).
Browser Hardening.
Website Hosts file blocking.
Use of basic system security features, and common sense precautions.
Constant education.

All of the above security measures depend upon information provided by
the good guys. Pray that the good guys provide the alerts and updates
before the bad guys find out, and develop an exploit.

Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
May 15, 2004 4:16:20 PM

Archived from groups: alt.internet.p2p,comp.security.misc,alt.computer.security,comp.security.firewalls (More info?)

"miner" wrote...
> "charlie R"...
>>
>> If you're connected to the Internet, you need a firewall.

> i agree. if msblaster and sasser aren't good enough arguments for
> having a firewall, i don't know what is.

I think they're good arguments for closing the NetBT and RPC ports
that Windows likes to listen on - which is what I have done. I run
no firewall, and am not troubled by these exploits.

Of course, if you're prone to downloading and running malware, a
firewall might be useful.
Anonymous
a b 8 Security
May 15, 2004 4:56:12 PM

Archived from groups: comp.security.firewalls (More info?)

"Alexander Harsch" <infodude@gmx.de> wrote in message
news:c8260c$2cm$1@ulysses.news.tiscali.de...
> Piotr Makley wrote:
>
> > I found I had left my firewall disabled by mistake.
> >
> > I have been running my Overnet (file sharing) software for about 24
> > hours. What risks have I been taking?
> >
> > Is it really necessary to always run a firewall when using file
> > sharing applications like Overnet, eDonkey or Kazaa?
> Hi,
>
> this has nothing to do with kazaa and so on, because these deamons you
> expose to the internet anyways. It depends which other services you have
> running on your external interface. If there is a nfs server running, and
> you don't have a ip range set, you have a high risk. If you turn of all
> deamons except your file sharing deamons, no firewall is necessary at all.
>
> Regards, Alex

I wouldn't go that far Alex. He may have a Trojan smtp server installed in
the background when installing some other piece of free software. This
Trojan could be running ready for someone to pass email through it to make
it appear it originated at his IP and his firewall was stopping it working
until he turned it off. If he is running XP and hasn't done all the security
updates then there are many ways his PC could have been infiltrated.

Always use a firewall and don't rely on the one supplied with XP. There are
plenty around that are free to home users, and that goes for antivirus too.

A.W.
Anonymous
a b 8 Security
May 16, 2004 12:32:45 AM

Archived from groups: alt.internet.p2p,comp.security.misc,alt.computer.security,comp.security.firewalls (More info?)

"Ant" <not@home.today> wrote:

>>> If you're connected to the Internet, you need a firewall.
>
>> i agree. if msblaster and sasser aren't good enough
>> arguments for having a firewall, i don't know what is.
>
> I think they're good arguments for closing the NetBT and RPC
> ports that Windows likes to listen on - which is what I have
> done. I run no firewall, and am not troubled by these
> exploits.



How do you close the NetBT and RPC ports?

I think I might like to do the same as you have done.
May 16, 2004 3:56:57 AM

Archived from groups: alt.internet.p2p,comp.security.misc,alt.computer.security,comp.security.firewalls (More info?)

"Piotr Makley" wrote...

> How do you close the NetBT and RPC ports?
>
> I think I might like to do the same as you have done.

Ok. First I am using Windows 2000 on a stand-alone PC (no LAN) with a
dial-up Internet connection, and second I don't run P2P apps (I'm
reading this thread in alt.computer.security).

A long time ago I reduced the number of services running to a bare
minimum by disabling, or setting them to manual startup. The only
protocol bound to my modem is TCP/IP.

To close ports 137, 138, & 139, disable NetBIOS over TCP/IP in the
networking properties for each network adapter.

To close port 135, run "dcomcnfg" from a command prompt or the "Start
-> Run" dialog. On Win2k a dialog box appears. Select "Default
Properties" and untick "Enable Distributed COM". Select "Default
Protocols" and remove "Connection-oriented TCP/IP". On WinXP (which I
don't have) an MMC console is launched. Click around to find the
options. After a reboot port 135 should be closed.

To close port 445, disable raw SMB transport by adding the value
"SmbDeviceEnabled" to the registry, and reboot:

Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
Name: SmbDeviceEnabled
Type: DWORD (REG_DWORD)
Data: 0

Check the ports are not listening by typing "netstat -an" from a
command prompt.

For more info see:
http://www.hsc.fr/ressources/breves/min_srv_res_win.en....
Anonymous
a b 8 Security
May 18, 2004 3:59:38 AM

Archived from groups: alt.internet.p2p,comp.security.misc,alt.computer.security,comp.security.firewalls (More info?)

Piotr Makley wrote:
> I found I had left my firewall disabled by mistake.
>
> I have been running my Overnet (file sharing) software for about 24
> hours. What risks have I been taking?
>
> Is it really necessary to always run a firewall when using file
> sharing applications like Overnet, eDonkey or Kazaa?

no, not even a virusscanner is necessary if you know what you are doing,
but if you ask this question maybe it is for you ;) 


--
Dieter D'Hoker
news:free.nl.dieter.dhoker & news:alt.nl.fan.dieter.dhoker
Multiplayer tetris? http://www.tsrv.com/
Anonymous
a b 8 Security
May 19, 2004 9:26:43 PM

Archived from groups: alt.internet.p2p,comp.security.misc,alt.computer.security,comp.security.firewalls (More info?)

In article <qegca05he5arhgs6kvh4gtno8d8f2lg02r@4ax.com>, Chuck
<none@example.net> wrote:
>A firewall is part of a layered defense. Since all layers are
>reactive, and depend upon alerts and updates provided by the "good
>guys", IMHO, every layer is essential.

Is a firewall reactive, depending on alerts and updates?

Classic firewall advice is to block all traffic except that which you know
you need. Unless your needs for open ports change, in what way would a
firewall require alerts or updates? [Except to fix its own flaws, perhaps -
but I don't think that alone makes it 'reactive'.]

Alun.
~~~~

[Please don't email posters, if a Usenet response is appropriate.]
--
Texas Imperial Software | Find us at http://www.wftpd.com or email
1602 Harvest Moon Place | alun@texis.com.
Cedar Park TX 78613-1419 | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(512)258-9858 | Try our NEW client software, WFTPD Explorer.
!