Configuring the Firewall in both Linux and XP!

Archived from groups: alt.hacker,comp.security.firewalls (More info?)

Because I get numerous port scan attacks and some hosts persistently trying to
have inbound connections to my machine at strange ports, I will switch to
Linux.
As I ate at noon I thought the following... :) I am laughing because
most of my ideas pop into my head at meal time lol...

Can someone tell me the ruleset I have to use in iptables so that I can ONLY
accept incoming data packets to my machine from connections that I initiated
first and nothing else? Everything else that I did not explicitly start I
want automatically rejected by the firewall.

For example, I asked to see my webpage at the remote web server
nikos.50free.com:80 through my web browser, so I ONLY want to accept data
packets derived from there (nikos.50free.com as host) and of course from port
80 only. All other ports I want blocked. Just ONLY what I want
opened!

I believe (theoretically) it's the best way to set the firewall on Linux and
on Windows.

I know that in Linux it's just a 1-2 line ruleset (but I don't know the
syntax), as for Windows XP the firewall there is doing stuff automatically
but I need to tell it to do the same thing! It's just that I don't know how to
tell it!


PS. Please don't flame, instead ignore the post if you do not like it.

--
The Devil Is In The Details!
 

On Tue, 3 Aug 2004 10:33:00 +0300, beatnik spoketh

>Because I get numerous port scan attacks and some hosts persistently trying to
>have inbound connections to my machine at strange ports, I will switch to
>Linux.

Do you also buy a new car because someone looked at your old one?

Lars M. Hansen
http://www.hansenonline.net
(replace 'badnews' with 'news' in e-mail address)
 

In article <cenf0e$ere$1@nic.grnet.gr>, beatnik@mail.gr says...
> Because I get numerous port scan attacks and some hosts persistently trying to
> have inbound connections to my machine at strange ports, I will switch to
> Linux.

Why don't you just purchase one of those inexpensive routers for $50 and
be comfortable in the idea that you just blocked the unsolicited inbound
traffic without having to change your OS. Many routers also give you the
ability to do port forwarding and many also let you limit ports (135~139
& 445) to the internal network.

It's nice to learn a new OS, but instead of exposing your NIX box to the
net while you are learning the new OS (and the holes that an unpatched
nix box has) get the router and limit your exposure while you install,
configure and update either system.

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)
 

Leythos wrote:

> In article <cenf0e$ere$1@nic.grnet.gr>, beatnik@mail.gr says...
>
>>Because I get numerous port scan attacks and some hosts persistently trying to
>>have inbound connections to my machine at strange ports, I will switch to
>>Linux.
>
>
> Why don't you just purchase one of those inexpensive routers for $50 and
> be comfortable in the idea that you just blocked the unsolicited inbound
> traffic without having to change your OS. Many routers also give you the
> ability to do port forwarding and many also let you limit ports (135~139
> & 445) to the internal network.
>
> It's nice to learn a new OS, but instead of exposing your NIX box to the
> net while you are learning the new OS (and the holes that an unpatched
> nix box has) get the router and limit your exposure while you install,
> configure and update either system.
>

Leythos, this fellow isn't quite all there. See his posts on a.c.v.
concerning his problems after pirating software from a warez site. His
problems with security are likely self-inflicted.
 

"Leythos" <void@nowhere.com> wrote in message
news:MPG.1b7942a31c318d9298a835@news-server.columbus.rr.com...
> It's nice to learn a new OS, but instead of exposing your NIX box to the
> net while you are learning the new OS (and the holes that an unpatched
> nix box has) get the router and limit your exposure while you install,
> configure and update either system.

That's what I am trying to avoid! Exposing my machine to the net.

Routers == Hardware Firewalls, but what makes them better than soft
ones?
 

In article <ceo0bt$aud$2@nic.grnet.gr>, beatnik@mail.gr says...
>
> "Leythos" <void@nowhere.com> wrote in message
> news:MPG.1b7942a31c318d9298a835@news-server.columbus.rr.com...
> > It's nice to learn a new OS, but instead of exposing your NIX box to the
> > net while you are learning the new OS (and the holes that an unpatched
> > nix box has) get the router and limit your exposure while you install,
> > configure and update either system.
>
> That's what I am trying to avoid! Exposing my machine to the net.
>
> Routers == Hardware Firewalls, but what makes them better than soft
> ones?

Routers are NOT firewalls, but they do block inbound by nature of the
service that is used - this does not make them a firewall.

The reason you should be using a router/NAT is that unless you correctly
configure your firewall, not likely for a first-timer, you may leave
holes in your security structure. You are also responsible for anything
that you accept/permit through, and there will be things that you need
to permit/accept, but how will you know what to permit/accept?

With a router/NAT you don't have to worry about what to permit/accept,
it will only allow inbound connections that your computer has initiated
outbound. This gives you a chance to patch a Windows System BEFORE
you expose it to the internet while you are downloading the patches, same
for a Linux based system, same for your Anti-Virus updates.

Since neither Linux (with the exception of BSD, IMHO) or Windows full
installs are secure out of the box, and both require updates, you need
something to protect you while doing the updates - a router for a home
user is a best case first line of defense (unless you can afford a real
firewall).

As for software firewalls or ones that the user can configure, let's just
say that we've run into hundreds of compromised systems running software
(personal) firewalls on their laptops, workstations, and servers, all
because they didn't take the time to learn about the services that are
necessary to provide the connections they actually need - and also
because they didn't understand the ISP's infrastructure for DNS, DGW,
etc...

The router is painless, simple, almost 100% user proof.

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)
 

"Leythos" <void@nowhere.com> wrote in message
news:MPG.1b795237645d823098a83a@news-server.columbus.rr.com...
> In article <ceo0bt$aud$2@nic.grnet.gr>, beatnik@mail.gr says...
> >
> > "Leythos" <void@nowhere.com> wrote in message
> > news:MPG.1b7942a31c318d9298a835@news-server.columbus.rr.com...
> > > It's nice to learn a new OS, but instead of exposing your NIX box to the
> > > net while you are learning the new OS (and the holes that an unpatched
> > > nix box has) get the router and limit your exposure while you install,
> > > configure and update either system.
> >
> > That's what I am trying to avoid! Exposing my machine to the net.
> >
> > Routers == Hardware Firewalls, but what makes them better than soft
> > ones?
>
> Routers are NOT firewalls, but they do block inbound by nature of the
> service that is used - this does not make them a firewall.
>
> The reason you should be using a router/NAT is that unless you correctly
> configure your firewall, not likely for a first-timer, you may leave
> holes in your security structure. You are also responsible for anything
> that you accept/permit through, and there will be things that you need
> to permit/accept, but how will you know what to permit/accept.
>
> With a router/NAT you don't have to worry about what to permit/accept,
> it will only allow inbound connections that your computer has initiated
> outbound. This gives you a chance to patch a Windows System BEFORE
> expose it to the internet while you are downloading the patches, same
> for a Linux based system, same for your Anti-Virus updates.
>
> Since neither Linux (with the exception of BSD, IMHO) or Windows full
> installs are secure out of the box, and both require updates, you need
> something to protect you while doing the updates - a router for a home
> user is a best case first line of defense (unless you can afford a real
> firewall).
>
> As for software firewalls or ones that the user can configure, lets just
> say that we've run into hundreds of compromised systems running software
> (personal) firewalls on their laptops, workstations, and servers, all
> because they didn't take the time to learn about the services that are
> necessary to provide the connections they actually need - and also
> because they didn't understand the ISP's infrastructure for DNS, DGW,
> etc...
>
> The router is painless, simple, almost 100% user proof.

Cool! Then I will have to buy one! What model do you suggest? 50-60 Euros
cost not more...

Btw, but if I take the time and learn how to properly configure a software
firewall then I will not really have to buy a router, correct?
Or do routers also have some other advantages as well?
 

In article <ceo3dn$f39$1@nic.grnet.gr>, beatnik@mail.gr says...
> Cool! Then I will have to buy one! What model do you suggest? 50-60 Euros
> cost not more...
>
> Btw, but if I take the time and learn how to properly configure a software
> firewall then I will not really have to buy a router, correct?
> Or do routers also have some other advantages as well?

Well, the idea is that the router will protect you while you are
learning. After you get the learning part down, you can forward
everything from the router to your firewall application once you get it
installed.

Since I'm not in the UK I can only suggest that you try and find one of
these models:

Linksys BEFSR41
Linksys BEFSX41
Linksys BEFVP41

NetGear FVS318 (most expensive of the options)

All of the above units will do NAT, some do SPI, and some act as IPSec
end-points, which lets you play with hardware based VPN tunnels between
locations.

The key advantage of using a router is that there is nothing for you to
screw-up, the default installation should block unsolicited inbound
attempts without any problems.

Personal Firewall apps running on the same system that you use to
play/mess with are almost a threat in that you have a sense of security,
but there are things you can do that compromise the security of the
application that you would not be able to do with a router.

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)
 

"Leythos" <void@nowhere.com> wrote in message
news:MPG.1b795237645d823098a83a@news-server.columbus.rr.com...
> In article <ceo0bt$aud$2@nic.grnet.gr>, beatnik@mail.gr says...
> >
> > "Leythos" <void@nowhere.com> wrote in message
> > news:MPG.1b7942a31c318d9298a835@news-server.columbus.rr.com...

> Since neither Linux (with the exception of BSD, IMHO) or Windows full
> installs are secure out of the box, and both require updates, you need
> something to protect you while doing the updates - a router for a home
> user is a best case first line of defense (unless you can afford a real
> firewall).

Windows has uncountable security holes.
Linux has holes too?
FreeBSD doesn't have any security flaws and hence it doesn't require
updates?

What's the percentage of the 3 of them as far as flaws are concerned?
 

In article <ceo3jv$fao$1@nic.grnet.gr>, beatnik@mail.gr says...
>
> "Leythos" <void@nowhere.com> wrote in message
> news:MPG.1b795237645d823098a83a@news-server.columbus.rr.com...
> > In article <ceo0bt$aud$2@nic.grnet.gr>, beatnik@mail.gr says...
> > >
> > > "Leythos" <void@nowhere.com> wrote in message
> > > news:MPG.1b7942a31c318d9298a835@news-server.columbus.rr.com...
>
> > Since neither Linux (with the exception of BSD, IMHO) or Windows full
> > installs are secure out of the box, and both require updates, you need
> > something to protect you while doing the updates - a router for a home
> > user is a best case first line of defense (unless you can afford a real
> > firewall).
>
> Windows has uncountable security holes.
> Linux has holes too?
> FreeBSD doesn't have any security flaws and hence it doesn't require
> updates?
>
> What's the percentage of the 3 of them as far as flaws are concerned?

That's the wrong question - the proper question is: if full base
installs of Windows and Linux distros (including their included apps)
come with holes/security issues, how do you protect your OS/Apps while
you install the updates?

People on Dial-Up think they are safe, but, they are no safer than
anyone else on any other service. People that run Linux distro's that
think they are safe have not really researched the flaws found in many
applications included with their distro.

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)
 

"Leythos" <void@nowhere.com> wrote in message
news:MPG.1b797cda502656a98a83c@news-server.columbus.rr.com...
> In article <ceo3dn$f39$1@nic.grnet.gr>, beatnik@mail.gr says...
> > Cool! Then I will have to buy one! What model do you suggest? 50-60 Euros
> > cost not more...
> >
> > Btw, but if I take the time and learn how to properly configure a software
> > firewall then I will not really have to buy a router, correct?
> > Or do routers also have some other advantages as well?
>
> Well, the idea is that the router will protect you while you are
> learning. After you get the learning part down, you can forward
> everything from the router to your firewall application once you get it
> installed.
>
> Since I'm not in the UK I can only suggest that you try and find one of
> these models:
>
> Linksys BEFSR41
> Linksys BEFSX41
> Linksys BEFVP41
>
> NetGear FVS318 (most expensive of the options)
>
> All of the above units will do NAT, some do SPI, and some act as IPSec
> end-points, which lets you play with hardware based VPN tunnels between
> locations.
>
> The key advantage of using a router is that there is nothing for you to
> screw-up, the default installation should block unsolicited inbound
> attempts without any problems.
>
> Personal Firewall apps running on the same system that you use to
> play/mess with are almost a threat in that you have a sense of security,
> but there are things you can do that compromise the security of the
> application that you would not be able to do with a router.

So the router will act as a Big Brother watching me not getting hurt while
surfing the deep & dark net cyberspace!
Nothing will screw me, no matter how hard I try to screw myself!

Thank you very much!
 

In article <ceoi2b$4fm$1@nic.grnet.gr>, beatnik@mail.gr says...
>
> "Leythos" <void@nowhere.com> wrote in message
> news:MPG.1b797cda502656a98a83c@news-server.columbus.rr.com...
> > In article <ceo3dn$f39$1@nic.grnet.gr>, beatnik@mail.gr says...
> > > Cool! Then I will have to buy one! What model do you suggest? 50-60 Euros
> > > cost not more...
> > >
> > > Btw, but if I take the time and learn how to properly configure a software
> > > firewall then I will not really have to buy a router, correct?
> > > Or do routers also have some other advantages as well?
> >
> > Well, the idea is that the router will protect you while you are
> > learning. After you get the learning part down, you can forward
> > everything from the router to your firewall application once you get it
> > installed.
> >
> > Since I'm not in the UK I can only suggest that you try and find one of
> > these models:
> >
> > Linksys BEFSR41
> > Linksys BEFSX41
> > Linksys BEFVP41
> >
> > NetGear FVS318 (most expensive of the options)
> >
> > All of the above units will do NAT, some do SPI, and some act as IPSec
> > end-points, which lets you play with hardware based VPN tunnels between
> > locations.
> >
> > The key advantage of using a router is that there is nothing for you to
> > screw-up, the default installation should block unsolicited inbound
> > attempts without any problems.
> >
> > Personal Firewall apps running on the same system that you use to
> > play/mess with are almost a threat in that you have a sense of security,
> > but there are things you can do that compromise the security of the
> > application that you would not be able to do with a router.
>
> So the router will act as a Big Brother watching me not getting hurt while
> surfing the deep & dark net cyberspace!
> Nothing will screw me, no matter how hard I try to screw myself!

No, I didn't even try and imply that. Your personal firewall won't
protect you either if you try and compromise your system.

The router will give you an opportunity to configure and update your
system that you would not have without it. Most people connect to the
internet before they install a PFW and before they get all the Windows
updates - having a router makes it a LOT safer.

Neither the router nor the PFW will stop you from installing bad software,
the PFW may have some nice MD5 check-sum features and be aware of the
apps using the internet, but if you permit them then you really are not
any more secure than with just the router.

If you want to be secure, get a real firewall appliance, one that
filters SMTP and HTTP traffic to remove bad things.


--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)
 

On 2004-08-03, beatnik <beatnik@mail.gr> wrote:
>
> "Leythos" <void@nowhere.com> wrote in message

<snipage>

>> The key advantage of using a router is that there is nothing for you to
>> screw-up, the default installation should block unsolicited inbound
>> attempts without any problems.

Though let's not forget that there are steps that need to be addressed
when setting up a default installation. Linksys is getting better about
their setups (except a few WAP pieces where the instructions are
completely off) they still often forget little minor details about
changing the default password, most of the units they distribute have
firmware upgrades that really must be installed if you want to maintain
a secure environment, etc.

>>
>> Personal Firewall apps running on the same system that you use to
>> play/mess with are almost a threat in that you have a sense of security,
>> but there are things you can do that compromise the security of the
>> application that you would not be able to do with a router.
>

At the same time a poorly configured router (I have seen many in homes I
have worked in) can be just as damaging.

> So the router will act as a Big Brother watching me not getting hurt while
> surfing the deep & dark net cyberspace!
> Nothing will screw me, no matter how hard I try to screw myself!
>

It will help, but it is only the first line of defense. A router that
completely drops all ports and does no forwarding is best, but in many
environments is that practical? With port forwarding a constantly
patched system, a properly configured firewall, and several other pieces
of the puzzle need to be solved. The idea of one security concept being
enough is a really bad security measure.

--
"This manual says what our product actually does, no matter what the
salesman may have told you it does." . In a californian graphic board
manual, 1985.
 

In article <slrncgvl7g.1ll.digitlcoupNOSPAM@digitlcoup.org>,
digitlcoupNOSPAM@yahoo.com says...
> Though let's not forget that there are steps that need to be addressed
> when setting up a default installation. Linksys is getting better about
> their setups (except a few WAP pieces where the instructions are
> completely off) they still often forget little minor details about
> changing the default password, most of the units they distribute have
> firmware upgrades that really must be installed if you want to maintain
> a secure environment, etc.

While this is true for the security nuts (like me), most of the routers
need to have nothing done, they come with a very new copy of the
firmware (or only a rev or two older) and even with the default password
they don't have remote management enabled and so it's not exposed.

Nowhere in this thread did anyone mention wireless until you did -
that's an entirely different thread and as you mention, most wireless is
completely open and not secure by default.

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)
 

On 2004-08-03, Leythos <void@nowhere.com> wrote:
> In article <slrncgvl7g.1ll.digitlcoupNOSPAM@digitlcoup.org>,
> digitlcoupNOSPAM@yahoo.com says...
> While this is true for the security nuts (like me), most of the routers
> need to have nothing done, they come with a very new copy of the
> firmware (or only a rev or two older) and even with the default password
> they don't have remote management enabled and so it's not exposed.

True, but local exploits should be considered as much a threat as
remote. Especially when you have kids in your house smart enough to know
how to set up forwarding hehe :)

> Nowhere in this thread did anyone mention wireless until you did -
> that's an entirely different thread and as you mention, most wireless is
> completely open and not secure by default.

That was more of an aside that I went ahead and added, that would indeed
be a separate discussion and a very long one at that.

--
"The nice thing about standards is that there are so many to choose from."
 

In article <slrncgvmvc.1md.digitlcoupNOSPAM@digitlcoup.org>,
digitlcoupNOSPAM@yahoo.com says...
> On 2004-08-03, Leythos <void@nowhere.com> wrote:
> > In article <slrncgvl7g.1ll.digitlcoupNOSPAM@digitlcoup.org>,
> > digitlcoupNOSPAM@yahoo.com says...
> > While this is true for the security nuts (like me), most of the routers
> > need to have nothing done, they come with a very new copy of the
> > firmware (or only a rev or two older) and even with the default password
> > they don't have remote management enabled and so it's not exposed.
>
> True, but local exploits should be considered as much a threat as
> remote. Especially when you have kids in your house smart enough to know
> how to set up forwarding hehe :)

If the kids know the password to the router then the parent didn't read
the installation instructions for it :)

As for local exploits, install FireFox 0.9.1 (or higher) and use a non-
MS based email client. This will limit your exposure dramatically.


--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)
 

On 2004-08-03, Leythos <void@nowhere.com> wrote:
> In article <slrncgvmvc.1md.digitlcoupNOSPAM@digitlcoup.org>,
> digitlcoupNOSPAM@yahoo.com says...
>> On 2004-08-03, Leythos <void@nowhere.com> wrote:
>> > In article <slrncgvl7g.1ll.digitlcoupNOSPAM@digitlcoup.org>,
>> > digitlcoupNOSPAM@yahoo.com says...
>> True, but local exploits should be considered as much a threat as
>> remote. Especially when you have kids in your house smart enough to know
>> how to set up forwarding hehe :)
>
> If the kids know the password to the router then the parent didn't read
> the installation instructions for it :)

And that would shock you how?


> As for local exploits, install FireFox 0.9.1 (or higher) and use a non-
> MS based email client. This will limit your exposure dramatically.

I prefer to run debian headless with SSH access locked down to my work
address with iptables. No X-windows installed just a simple console with
lynx, slrn, and a few other helpful apps.

Now for my windows I do use Firefox. For email, Outlook Express isn't
installed. MSN messenger is killed and removed, along with any services
that are of no use to me to run. My kids have their own email addresses
through one of my debian boxes which only accept email from use of a
single subject line that they specified so that they remain spam free. I
set up dummy accounts for them to sign up for things, which means I know
exactly what they sign up for. Also, with the exception of the windows
machine, they have no CDrom drives, nor Floppy drives in which to try to
get around my systems. I keep a CD-rom server in another room which only
I have access to for times when I need to do installs and such.

I'm not too rigid about security though ;-)

--
"No printing is permitted on this book.
This book cannot be given to someone else.
This book cannot be read aloud." -- License terms for Adobe ebooks
 

"Leythos" <void@nowhere.com> wrote in message
news:MPG.1b797d7942dca5b798a83d@news-server.columbus.rr.com...
> In article <ceo3jv$fao$1@nic.grnet.gr>, beatnik@mail.gr says...

> That's the wrong question - the proper questions is If full base
> installs of Windows and Linux distros (including their included apps)
> come with holes/security issues, how do you protect your OS/Apps while
> you install the updates.
>
> People on Dial-Up think they are safe, but, they are no safer than
> anyone else on any other service. People that run Linux distro's that
> think they are safe have not really researched the flaws found in many
> applications included with their distro.

OK! Assume I install Debian and properly configure iptables with Stateful
Packet Inspection enabled like the following:

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -P INPUT DROP

Am I secure even though I did not run the appropriate/necessary Linux
updates?
I mean, after all, the incoming data packets will be the sort that I
initiated first and ONLY them.
Any other unsolicited inbound network traffic will be blocked!

Am I safe just by letting Stateful Packet Inspection do all the hard work
when it comes to examining TCP/IP packets?
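
Added example, not part of the original post or thread: a shell check that reads `iptables -S INPUT` output and reports whether the INPUT chain really accepts only replies to connections the host started, as the two rules above intend. The function name and both sample rule listings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Audits `iptables -S INPUT` output
# against the "replies only" intent of the two rules in the post above.
# Live use (needs root):  iptables -S INPUT | audit_input_rules

# Reads rule listing on stdin, prints findings, returns 0 when none are found.
audit_input_rules() {
    awk '
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 == "-A" && $2 == "INPUT" {
        target = ""; states = ""; iface = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-j") target = $(i + 1)
            # Works for the older "-m state" and the newer "-m conntrack" match.
            if ($i == "--state" || $i == "--ctstate")
                states = (($(i - 1) == "!") ? "!" : "") $(i + 1)
            if ($i == "-i") iface = (($(i - 1) == "!") ? "!" : "") $(i + 1)
        }
        if (target != "ACCEPT") next
        if (iface == "lo") { lo = 1; next }
        if (states != "") {
            n = split(states, s, ","); only_replies = 1
            for (k = 1; k <= n; k++)
                if (s[k] != "ESTABLISHED" && s[k] != "RELATED") only_replies = 0
            if (only_replies) { stateful = 1; next }
        }
        # Any other ACCEPT rule lets in traffic the host did not ask for.
        print "FINDING: accepts unsolicited traffic: " $0; bad++
    }
    END {
        if (policy != "DROP") {
            print "FINDING: INPUT policy is " (policy == "" ? "unknown" : policy) ", expected DROP"
            bad++
        }
        if (!stateful) {
            print "FINDING: no ESTABLISHED,RELATED accept rule, replies would be dropped"
            bad++
        }
        if (!lo) print "NOTE: no \"-i lo\" accept rule, local 127.0.0.1 traffic is dropped too"
        exit (bad > 0)
    }'
}

# Constructed sample: the two rules from the post as `iptables -S` prints them.
SAMPLE_POST_RULES='-P INPUT DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT'

# Constructed sample: a chain that exposes a listening service.
SAMPLE_OPEN_RULES='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

for sample in "$SAMPLE_POST_RULES" "$SAMPLE_OPEN_RULES"; do
    if printf '%s\n' "$sample" | audit_input_rules; then
        echo "=> replies-only policy holds"
    else
        echo "=> chain accepts more than replies"
    fi
done
```

A clean result covers only unsolicited inbound traffic; it says nothing about what arrives inside connections the host itself opened.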
 

On Tue, 3 Aug 2004 20:38:37 +0300, beatnik wrote:
>
> OK! Assume I install Debian and properly configure iptables with Stateful
> Packet Inspection enabled like the following:
>
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -P INPUT DROP
>
> Am I secure even though I did not run the appropriate/necessary Linux
> updates?
> I mean, after all, the incoming data packets will be the sort that I
> initiated first and ONLY them.
> Any other unsolicited inbound network traffic will be blocked!

BFD. You could be running a peer to peer application like
Morpheus, KaZaa, Gnutella or reading a wav file and do not have the
updates to realplayer/sox and still catch some malware.
Firewall is just first line defence.
 

In article <ceojgc$6at$1@nic.grnet.gr>, beatnik@mail.gr says...
>
> "Leythos" <void@nowhere.com> wrote in message
> news:MPG.1b797d7942dca5b798a83d@news-server.columbus.rr.com...
> > In article <ceo3jv$fao$1@nic.grnet.gr>, beatnik@mail.gr says...
>
> > That's the wrong question - the proper questions is If full base
> > installs of Windows and Linux distros (including their included apps)
> > come with holes/security issues, how do you protect your OS/Apps while
> > you install the updates.
> >
> > People on Dial-Up think they are safe, but, they are no safer than
> > anyone else on any other service. People that run Linux distro's that
> > think they are safe have not really researched the flaws found in many
> > applications included with their distro.
>
> OK! Assume I install Debian and properly configure iptables with Stateful
> Packet Inspection enabled like the following:
>
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -P INPUT DROP
>
> Am I secure even though I did not run the appropriate/necessary Linux
> updates?
> I mean, after all, the incoming data packets will be the sort that I
> initiated first and ONLY them.
> Any other unsolicited inbound network traffic will be blocked!
>
> Am I safe just by letting Stateful Packet Inspection do all the hard work
> when it comes to examining TCP/IP packets?

There is a LOT more to securing your system than just NAT and SPI. If
you click on something on the web (or email) since you created the
connection it's going to get through. The router only blocks things that
you didn't invite (or your computer didn't invite).

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)
 

"Leythos" <void@nowhere.com> wrote in message
news:MPG.1b79a1107b31188a98a842@news-server.columbus.rr.com...
> In article <ceojgc$6at$1@nic.grnet.gr>, beatnik@mail.gr says...
> >
> > "Leythos" <void@nowhere.com> wrote in message
> > news:MPG.1b797d7942dca5b798a83d@news-server.columbus.rr.com...
> > > In article <ceo3jv$fao$1@nic.grnet.gr>, beatnik@mail.gr says...
> >
> > > That's the wrong question - the proper questions is If full base
> > > installs of Windows and Linux distros (including their included apps)
> > > come with holes/security issues, how do you protect your OS/Apps while
> > > you install the updates.
> > >
> > > People on Dial-Up think they are safe, but, they are no safer than
> > > anyone else on any other service. People that run Linux distro's that
> > > think they are safe have not really researched the flaws found in many
> > > applications included with their distro.
> >
> > OK! Assume I install Debian and properly configure iptables with Stateful
> > Packet Inspection enabled like the following:
> >
> > iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> > iptables -P INPUT DROP
> >
> > Am I secure even though I did not run the appropriate/necessary Linux
> > updates?
> > I mean, after all, the incoming data packets will be the sort that I
> > initiated first and ONLY them.
> > Any other unsolicited inbound network traffic will be blocked!
> >
> > Am I safe just by letting Stateful Packet Inspection do all the hard work
> > when it comes to examining TCP/IP packets?
>
> There is a LOT more to securing your system than just NAT and SPI. If
> you click on something on the web (or email) since you created the
> connection it's going to get through. The router only blocks things that
> you didn't invite (or your computer didn't invite).

But if my Linux installation is unpatched I think I will not have problems
if I just accept response packets coming from connections that I have
started. Is this correct?
 

In article <cep3tq$ra8$1@nic.grnet.gr>, beatnik@mail.gr says...
>
> "Leythos" <void@nowhere.com> wrote in message
> news:MPG.1b79a1107b31188a98a842@news-server.columbus.rr.com...
> > In article <ceojgc$6at$1@nic.grnet.gr>, beatnik@mail.gr says...
> > >
> > > "Leythos" <void@nowhere.com> wrote in message
> > > news:MPG.1b797d7942dca5b798a83d@news-server.columbus.rr.com...
> > > > In article <ceo3jv$fao$1@nic.grnet.gr>, beatnik@mail.gr says...
> > >
> > > > That's the wrong question - the proper question is If full base
> > > > installs of Windows and Linux distros (including their included apps)
> > > > come with holes/security issues, how do you protect your OS/Apps while
> > > > you install the updates.
> > > >
> > > > People on Dial-Up think they are safe, but, they are no safer than
> > > > anyone else on any other service. People that run Linux distros that
> > > > think they are safe have not really researched the flaws found in many
> > > > applications included with their distro.
> > >
> > > > OK! Assume I install Debian and configure iptables properly with Stateful
> > > > Packet Inspection enabled like the following:
> > >
> > > iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> > > iptables -P INPUT DROP
> > >
> > > > Am I secure even though I did not run the appropriate/necessary Linux
> > > > updates?
> > > > I mean after all the incoming data packets will be the sort of them that I
> > > > initiated first and ONLY them.
> > > > Any other unsolicited inbound network traffic will be blocked!
> > > >
> > > > Am I safe just by letting Stateful Packet Inspection do all the hard work
> > > > when it comes to examining TCP/IP packets?
> >
> > There is a LOT more to securing your system than just NAT and SPI. If
> > you click on something on the web (or email) since you created the
> > connection it's going to get through. The router only blocks things that
> > you didn't invite (or your computer didn't invite).
>
> But if my Linux installation is unpatched I think I will not have problems
> if I just accept response packets coming from connections that I have
> started. Is this correct?

I can not say, since your unpatched system may have a flaw that a patch
might correct, it's really hard to say.

Why fight the simplicity of a router device?

I can understand wanting to learn about security, but why put yourself
in a questionable position while doing it?

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)
 
G

Guest

Guest
Archived from groups: alt.hacker,comp.security.firewalls (More info?)

"Leythos" <void@nowhere.com> wrote in message
news:MPG.1b79e1489fc6cc0298a84a@news-server.columbus.rr.com...
> In article <cep3tq$ra8$1@nic.grnet.gr>, beatnik@mail.gr says...

> > But if my Linux installation is unpatched I think I will not have problems
> > if I just accept response packets coming from connections that I have
> > started. Is this correct?
>
> I can not say, since your unpatched system may have a flaw that a patch
> might correct, it's really hard to say.

But even if it has one, it won't be a problem because no data is going to go
there... I think...

> Why fight the simplicity of a router device?
>
> I can understand wanting to learn about security, but why put yourself
> in a questionable position while doing it?

I always like that. My guess of doing this is to see if I can make it!
 
G

Guest

Guest
Archived from groups: alt.hacker,comp.security.firewalls (More info?)

In article <cep59k$t20$1@nic.grnet.gr>, beatnik@mail.gr says...
> But even if it has one, it won't be a problem because no data is going to go
> there... I think...

Ah, but the "I THINK" part is what can get you into trouble - you see,
the unpatched part could be for your firewall application, could be
something that is exposed, could be anything. Unless you can say "I know
it won't get inside" then you are better off getting a border device for
protection.

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)
 
G

Guest

Guest
Archived from groups: alt.hacker,comp.security.firewalls (More info?)

beatnik wrote:
> "Leythos" <void@nowhere.com> wrote in message
> news:MPG.1b79e1489fc6cc0298a84a@news-server.columbus.rr.com...
>
>>In article <cep3tq$ra8$1@nic.grnet.gr>, beatnik@mail.gr says...
>
>
>>>But if my Linux installation is unpatched I think I will not have problems
>>>if I just accept response packets coming from connections that I have
>>>started. Is this correct?

No, you can still be at risk. Someone else mentioned this earlier. If
you click on a link hiding some sort of malware, the connection was made
by you, and the response would be allowed whether or not it contained
malicious code.

A firewall will not protect you against this type of attack, unless it
also incorporates an intrusion detection system (IDS) to recognize
malicious patterns in arriving data and block it when found.

>>
>>I can not say, since your unpatched system may have a flaw that a patch
>>might correct, it's really hard to say.
>
>
> But even if it has one, it won't be a problem because no data is going to go
> there... I think...

My recommendation to anyone is to block everything you don't need. That
suggestion has also been made by someone else earlier, including
iptables commands to accomplish it, and further commands to allow
specific services to be used both outbound and inbound. The above
warning still applies, though, if you initiate a connection to a
malicious host; in that case you need the IDS.

>
>
>>Why fight the simplicity of a router device?
>>
>>I can understand wanting to learn about security, but why put yourself
>>in a questionable position while doing it?
>
>
> I always like that. My guess of doing this is to see if I can make it!

Nothing wrong with a software firewall; been using them at home for
years. But you have to understand their limitations (not unlike those of
small hardware routers and stateful firewalls) and conduct yourself
accordingly. I would never use them to protect a large network; they are
not designed for that and would be a poor choice.

At $WORK, we rely on redundant stateful hardware firewalls, from more
than one manufacturer, and in layers. More than one type reduces the
likelihood of a particular vulnerability on one being sufficient to
compromise the other. Of course you're talking Real Money, not $50 or so.

For a few hundred bucks you can get something like a small Cisco PIX
firewall, which is fairly good right out of the box, except that it does
not limit outbound ports without your configuring it. Get a used one and
pay less, of course.

As with most things, you get what you pay for.

Chuck
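
The point made in the replies above, that the two-rule iptables setup decides on connection state and not on content, shown as an added example that is not part of the original thread. It is a simplified Python model of the state match: TCP-style flows only, with RELATED, TCP flags and timeouts not modelled, and all class names, addresses and payloads constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes = b""

class StatefulInputFilter:
    """Simplified model of the thread's two rules:
    -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT / -P INPUT DROP
    """
    def __init__(self):
        self.flows = set()  # tracked flows: (local ip, local port, remote ip, remote port)

    def outbound(self, pkt):
        # OUTPUT is not filtered by those rules, so any packet we send opens a flow.
        self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))

    def inbound(self, pkt):
        # The verdict uses addresses and ports only; pkt.payload is never examined.
        reply_to = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "ACCEPT" if reply_to in self.flows else "DROP"

def demo():
    me, web, scanner = "192.0.2.10", "198.51.100.7", "203.0.113.5"  # constructed addresses
    fw = StatefulInputFilter()
    # The browser opens a connection to a web server on port 80.
    fw.outbound(Packet(me, 40000, web, 80, b"GET / HTTP/1.0\r\n\r\n"))
    return {
        "unsolicited_scan": fw.inbound(Packet(scanner, 5555, me, 22)),
        "same_host_other_port": fw.inbound(Packet(web, 8080, me, 40000)),
        "expected_reply": fw.inbound(Packet(web, 80, me, 40000, b"HTTP/1.0 200 OK")),
        "unwanted_reply": fw.inbound(Packet(web, 80, me, 40000, b"<content the user would not want>")),
    }

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:22} {verdict}")
```

Both replies on the tracked flow are accepted regardless of what they carry, which is why the replies in the thread point to patching and content inspection in addition to the state match.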