Archived from groups: comp.security.firewalls (
More info?)
"Wolfgang Kueter" <wolfgang@shconnect.de> wrote in message
news:cbbjc8$1tv$1@news.shlink.de...
> news wrote:
>
> > Thanks! How safe is an ip blocking method? Is it still possible for
> > someone with a not allowed ip to hack inside?
>
> Please define 'hack inside'. And keep in mind that 'hacking inside'
requires
> a service that is running and can be expolited in whatever way. Anyhow a
> service was always installed or started by yourself (perhaps by unwilligly
> executing malware).
>
> > How can they get around that?
>
> Think at least twice, what software you install. Use an operating system
> that knows user and access rights, set these strict. Switch all unwanted
> services off.
>
> > They need to show their ip to get inside my pc, right?
>
> Every machine that communicates via a tcp/ip network needs an ip.
>
> > Can it be faked so it looks like an allowed one?
>
> When udp is used as the transport protocol ip spoofing is easy, when tcp
is
> used, it it quite difficult. Spoofing icmp is also easy but icmp is no
> transport protocol, therefore there is no playload like tcp or udp.
>
> > Or can they change the adjustments for the blocked/allowed ip some other
> > way?
>
> Which ip do you want to block? Remember: If you run no services, nobody
cann
> connect to your machine.
>
> > Perhaps from inside (If already
> > there) with a trojan!? But those can be found and destroyed easier i
> > guess.
>
> A system that is infected with malware has to be reinstalled completely
from
> clean media.
> >
> > I´m not scared of someone searching through my computer. But what i am
> > scared of is that someone might use my ip for illegal activities.
>
> ???
>
> > Do i need a firewall that takes alot of cpu just to specify allowed ip?
I
> > read Kerio can do this.
>
> A host based packet filter, taht allows end user interaction doesn'tmake
> anmy sense at all.
>
> > I can't do this in Windows 98 without any extra softwares?
>
> What services does your box offer? None? Fine, so just sit back and relax.
>
> >I am not
> > spoiled with cpu
> >
> > Guess it's to much to ask - but a small software where we can specify ip
> > and keep an eye of intruders or attempts. Is that heaven?
>
> You don't need addional software, a locked down box that offers no
services
> is sufficient, if you are able to keep an overview, what sofwtare is
> installed on your system and what that software does. If you can't keep
> control over the installed software all firewall placebos will not be able
> to help you on a win98 system, since malware can control the firewall
> completely.
>
> Actually I'm afraid that all what I've written was far to technical and
> complicated for you and you've hardly understood anything of what I wanted
> to tell you. So install whatever tool/firewall placebo you want, you'll
> never be able to secure your win98 box.
>
> Wolfgang
-------------------------------------
A little more...
I just use my computer for email, browsing and for access to some data
services.
I am a little confused. Let´s see.. But it is better to close a program that
holds a port open than to try to block ip:s? Since you apparently can get
around by spoofing.
So if my computer is on and online but all softwares are closed, not even
the best hacker can communicate with it? They can´t start a program and
continue from there?
Then why do they tell us to install even more softwares?
They want to
make money of course..
Thanks for your help
Patrik (News is not my name. Just typed wrong