Configurating the Firewall in both Linux and Xp!

Anonymous
August 3, 2004 2:33:00 PM

Archived from groups: alt.hacker,comp.security.firewalls

Because I get numerous port scan attacks and some hosts persistently trying to
have an inbound connection to my machine at strange ports, I will switch to
Linux.
As I ate at noon I thought the following....:-) I am laughing because
most of my ideas pop into my head at meal time lol...

Can someone tell me the ruleset I have to use in iptables so that I can ONLY
accept incoming data packets to my machine from connections that I initiated
first and nothing else? Everything else that I did not explicitly start I
want automatically rejected by the firewall.

For example, I asked to see my webpage at the remote web server
nikos.50free.com:80 through my web browser, so I ONLY want to accept data
packets derived from there (nikos.50free.com as host) and of course from port
80 only. All other ports I want blocked. Just ONLY what I want
opened!

I believe (theoretically) it's the best way to set the firewall on Linux and
on Windows.

I know that in Linux it's just a 1-2 line ruleset (but I don't know the
syntax); as for Windows XP, the firewall there is doing stuff automatically
but I need to tell it to do the same thing! It's just I don't know how to
tell it!


ps. Please don't flame; instead ignore the post if you do not like it.

--
The Devil Is In The Details!
Anonymous
August 3, 2004 2:33:01 PM

On Tue, 3 Aug 2004 10:33:00 +0300, beatnik spoketh

>Because I get numerous port scan attacks and some hosts persistently trying to
>have an inbound connection to my machine at strange ports, I will switch to
>Linux.

Do you also buy a new car because someone looked at your old one?

Lars M. Hansen
http://www.hansenonline.net
(replace 'badnews' with 'news' in e-mail address)
Anonymous
August 3, 2004 3:27:19 PM

In article <cenf0e$ere$1@nic.grnet.gr>, beatnik@mail.gr says...
> Because I get numerous port scan attacks and some hosts persistently trying to
> have an inbound connection to my machine at strange ports, I will switch to
> Linux.

Why don't you just purchase one of those inexpensive routers for $50 and
be comfortable in the idea that you just blocked the unsolicited inbound
traffic without having to change your OS. Many routers also give you the
ability to do port forwarding and many also let you limit ports (135~139
& 445) to the internal network.

It's nice to learn a new OS, but instead of exposing your NIX box to the
net while you are learning the new OS (and the holes that an unpatched
nix box has) get the router and limit your exposure while you install,
configure and update either system.

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)
Anonymous
August 3, 2004 4:06:40 PM

Leythos wrote:

> In article <cenf0e$ere$1@nic.grnet.gr>, beatnik@mail.gr says...
>
>>Because I get numerous port scan attacks and some hosts persistently trying to
>>have an inbound connection to my machine at strange ports, I will switch to
>>Linux.
>
>
> Why don't you just purchase one of those inexpensive routers for $50 and
> be comfortable in the idea that you just blocked the unsolicited inbound
> traffic without having to change your OS. Many routers also give you the
> ability to do port forwarding and many also let you limit ports (135~139
> & 445) to the internal network.
>
> It's nice to learn a new OS, but instead of exposing your NIX box to the
> net while you are learning the new OS (and the holes that an unpatched
> nix box has) get the router and limit your exposure while you install,
> configure and update either system.
>

Leythos, this fellow isn't quite all there. See his posts on a.c.v.
concerning his problems after pirating software from a warez site. His
problems with security are likely self-inflicted.
Anonymous
August 3, 2004 7:29:10 PM

"Leythos" <void@nowhere.com> wrote in message
news:MPG.1b7942a31c318d9298a835@news-server.columbus.rr.com...
nice to learn a new OS, but instead of exposing your NIX box to the
> net while you are learning the new OS (and the holes that an unpatched
> nix box has) get the router and limit your exposure while you install,
> configure and update either system.

That's what I am trying to avoid! Exposing my machine to the net.

Routers == Hardware Firewalls, but what makes them better than software
ones?
Anonymous
August 3, 2004 7:29:11 PM

In article <ceo0bt$aud$2@nic.grnet.gr>, beatnik@mail.gr says...
>
> "Leythos" <void@nowhere.com> wrote in message
> news:MPG.1b7942a31c318d9298a835@news-server.columbus.rr.com...
> nice to learn a new OS, but instead of exposing your NIX box to the
> > net while you are learning the new OS (and the holes that an unpatched
> > nix box has) get the router and limit your exposure while you install,
> > configure and update either system.
>
> Thats what i am trying to avoid! Exposing my machine to the net.
>
> Routers == Hardware Firewalls, but what does make them better than soft
> ones?

Routers are NOT firewalls, but they do block inbound by nature of the
service that is used - this does not make them a firewall.

The reason you should be using a router/NAT is that unless you correctly
configure your firewall, not likely for a first-timer, you may leave
holes in your security structure. You are also responsible for anything
that you accept/permit through, and there will be things that you need
to permit/accept, but how will you know what to permit/accept.

With a router/NAT you don't have to worry about what to permit/accept;
it will only allow inbound connections that your computer has initiated
outbound. This gives you a chance to patch a Windows system BEFORE you
expose it to the internet while you are downloading the patches, same
for a Linux based system, same for your Anti-Virus updates.

Since neither Linux (with the exception of BSD, IMHO) nor Windows full
installs are secure out of the box, and both require updates, you need
something to protect you while doing the updates - a router for a home
user is a best case first line of defense (unless you can afford a real
firewall).

As for software firewalls or ones that the user can configure, let's just
say that we've run into hundreds of compromised systems running software
(personal) firewalls on their laptops, workstations, and servers, all
because they didn't take the time to learn about the services that are
necessary to provide the connections they actually need - and also
because they didn't understand the ISP's infrastructure for DNS, DGW,
etc...

The router is painless, simple, almost 100% user proof.

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)
Anonymous
August 3, 2004 8:21:25 PM

"Leythos" <void@nowhere.com> wrote in message
news:MPG.1b795237645d823098a83a@news-server.columbus.rr.com...
> In article <ceo0bt$aud$2@nic.grnet.gr>, beatnik@mail.gr says...
> >
> > "Leythos" <void@nowhere.com> wrote in message
> > news:MPG.1b7942a31c318d9298a835@news-server.columbus.rr.com...
> > nice to learn a new OS, but instead of exposing your NIX box to the
> > > net while you are learning the new OS (and the holes that an unpatched
> > > nix box has) get the router and limit your exposure while you install,
> > > configure and update either system.
> >
> > Thats what i am trying to avoid! Exposing my machine to the net.
> >
> > Routers == Hardware Firewalls, but what does make them better than soft
> > ones?
>
> Routers are NOT firewalls, but they do block inbound by nature of the
> service that is used - this does not make them a firewall.
>
> The reason you should be using a router/NAT is that unless you correctly
> configure your firewall, not likely for a first-timer, you may leave
> holes in your security structure. You are also responsible for anything
> that you accept/permit through, and there will be things that you need
> to permit/accept, but how will you know what to permit/accept.
>
> With a router/NAT you don't have to worry about what to permit/accept,
> it will only allow inbound connections that your computer has initiated
> outbound. This gives you a chance to patch a Windows System BEFORE
> expose it to the internet while you are downloading the patches, same
> for a Linux based system, same for your Anti-Virus updates.
>
> Since neither Linux (with the exception of BSD, IMHO) or Windows full
> installs are secure out of the box, and both require updates, you need
> something to protect you while doing the updates - a router for a home
> user is a best case first line of defense (unless you can afford a real
> firewall).
>
> As for software firewalls or ones that the user can configure, lets just
> say that we've run into hundreds of compromised systems running software
> (personal) firewalls on their laptops, workstations, and servers, all
> because they didn't take the time to learn about the services that are
> necessary to provide the connections they actually need - and also
> because they didn't understand the ISP's infrastructure for DNS, DGW,
> etc...
>
> The router is painless, simple, almost 100% user proof.

Cool! Then I will have to buy one! What model do you suggest? 50-60 Euros
cost, not more...

Btw, if I take the time and learn how to properly configure a software
firewall then I will not really have to buy a router, correct?
Or do routers also have some other advantages as well?
Anonymous
August 3, 2004 8:21:26 PM

In article <ceo3dn$f39$1@nic.grnet.gr>, beatnik@mail.gr says...
> Cool! Then I will have to buy one! What model do you suggest? 50-60 Euros
> cost, not more...
>
> Btw, if I take the time and learn how to properly configure a software
> firewall then I will not really have to buy a router, correct?
> Or do routers also have some other advantages as well?

Well, the idea is that the router will protect you while you are
learning. After you get the learning part down, you can forward
everything from the router to your firewall application once you get it
installed.

Since I'm not in the UK I can only suggest that you try and find one of
these models:

Linksys BEFSR41
Linksys BEFSX41
Linksys BEFVP41

NetGear FVS318 (most expensive of the options)

All of the above units will do NAT, some do SPI, and some act as IPSec
end-points, which lets you play with hardware based VPN tunnels between
locations.

The key advantage of using a router is that there is nothing for you to
screw-up, the default installation should block unsolicited inbound
attempts without any problems.

Personal Firewall apps running on the same system that you use to
play/mess with are almost a threat in that you have a sense of security,
but there are things you can do that compromise the security of the
application that you would not be able to do with a router.

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)
Anonymous
August 3, 2004 8:24:44 PM

"Leythos" <void@nowhere.com> wrote in message
news:MPG.1b795237645d823098a83a@news-server.columbus.rr.com...
> In article <ceo0bt$aud$2@nic.grnet.gr>, beatnik@mail.gr says...
> >
> > "Leythos" <void@nowhere.com> wrote in message
> > news:MPG.1b7942a31c318d9298a835@news-server.columbus.rr.com...

> Since neither Linux (with the exception of BSD, IMHO) or Windows full
> installs are secure out of the box, and both require updates, you need
> something to protect you while doing the updates - a router for a home
> user is a best case first line of defense (unless you can afford a real
> firewall).

Windows has uncountable security holes.
Linux has holes too?
FreeBSD doesn't have any security flaws and hence it doesn't require
updates?

What's the percentage of the 3 of them as far as flaws are concerned?
Anonymous
August 3, 2004 8:24:45 PM

In article <ceo3jv$fao$1@nic.grnet.gr>, beatnik@mail.gr says...
>
> "Leythos" <void@nowhere.com> wrote in message
> news:MPG.1b795237645d823098a83a@news-server.columbus.rr.com...
> > In article <ceo0bt$aud$2@nic.grnet.gr>, beatnik@mail.gr says...
> > >
> > > "Leythos" <void@nowhere.com> wrote in message
> > > news:MPG.1b7942a31c318d9298a835@news-server.columbus.rr.com...
>
> > Since neither Linux (with the exception of BSD, IMHO) or Windows full
> > installs are secure out of the box, and both require updates, you need
> > something to protect you while doing the updates - a router for a home
> > user is a best case first line of defense (unless you can afford a real
> > firewall).
>
> Windows has uncountable security holes.
> Linux has holes too?
> FreeBSD doesn't have any security flaws and hence it doesn't require
> updates?
>
> What's the percentage of the 3 of them as far as flaws are concerned?

That's the wrong question - the proper question is: if full base
installs of Windows and Linux distros (including their included apps)
come with holes/security issues, how do you protect your OS/Apps while
you install the updates?

People on Dial-Up think they are safe, but they are no safer than
anyone else on any other service. People that run Linux distros that
think they are safe have not really researched the flaws found in many
applications included with their distro.

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)
Anonymous
August 4, 2004 12:31:09 AM

"Leythos" <void@nowhere.com> wrote in message
news:MPG.1b797cda502656a98a83c@news-server.columbus.rr.com...
> In article <ceo3dn$f39$1@nic.grnet.gr>, beatnik@mail.gr says...
> > Cool! Then I will have to buy one! What model do you suggest? 50-60 Euros
> > cost, not more...
> >
> > Btw, if I take the time and learn how to properly configure a software
> > firewall then I will not really have to buy a router, correct?
> > Or do routers also have some other advantages as well?
>
> Well, the idea is that the router will protect you while you are
> learning. After you get the learning part down, you can forward
> everything from the router to your firewall application once you get it
> installed.
>
> Since I'm not in the UK I can only suggest that you try and find one of
> these models:
>
> Linksys BEFSR41
> Linksys BEFSX41
> Linksys BEFVP41
>
> NetGear FVS318 (most expensive of the options)
>
> All of the above units will do NAT, some do SPI, and some act as IPSec
> end-points, which lets you play with hardware based VPN tunnels between
> locations.
>
> The key advantage of using a router is that there is nothing for you to
> screw-up, the default installation should block unsolicited inbound
> attempts without any problems.
>
> Personal Firewall apps running on the same system that you use to
> play/mess with are almost a threat in that you have a sense of security,
> but there are things you can do that compromise the security of the
> application that you would not be able to do with a router.

So the router will act as a Big Brother watching that I don't get hurt while
surfing the deep & dark net cyberspace!
Nothing will screw me, no matter how hard I try to screw myself!

Thank you very much!
Anonymous
August 4, 2004 12:31:10 AM

In article <ceoi2b$4fm$1@nic.grnet.gr>, beatnik@mail.gr says...
>
> "Leythos" <void@nowhere.com> wrote in message
> news:MPG.1b797cda502656a98a83c@news-server.columbus.rr.com...
> > In article <ceo3dn$f39$1@nic.grnet.gr>, beatnik@mail.gr says...
> > > Cool! Then I will have to buy one! What model do you suggest? 50-60 Euros
> > > cost, not more...
> > >
> > > Btw, if I take the time and learn how to properly configure a software
> > > firewall then I will not really have to buy a router, correct?
> > > Or do routers also have some other advantages as well?
> >
> > Well, the idea is that the router will protect you while you are
> > learning. After you get the learning part down, you can forward
> > everything from the router to your firewall application once you get it
> > installed.
> >
> > Since I'm not in the UK I can only suggest that you try and find one of
> > these models:
> >
> > Linksys BEFSR41
> > Linksys BEFSX41
> > Linksys BEFVP41
> >
> > NetGear FVS318 (most expensive of the options)
> >
> > All of the above units will do NAT, some do SPI, and some act as IPSec
> > end-points, which lets you play with hardware based VPN tunnels between
> > locations.
> >
> > The key advantage of using a router is that there is nothing for you to
> > screw-up, the default installation should block unsolicited inbound
> > attempts without any problems.
> >
> > Personal Firewall apps running on the same system that you use to
> > play/mess with are almost a threat in that you have a sense of security,
> > but there are things you can do that compromise the security of the
> > application that you would not be able to do with a router.
>
> So the router will act as a Big Brother watching that I don't get hurt while
> surfing the deep & dark net cyberspace!
> Nothing will screw me, no matter how hard I try to screw myself!

No, I didn't even try and imply that. Your personal firewall won't
protect you either if you try and compromise your system.

The router will give you an opportunity to configure and update your
system that you would not have without it. Most people connect to the
internet before they install a PFW and before they get all the Windows
updates - having a router makes it a LOT safer.

Neither the router nor the PFW will stop you from installing bad software;
the PFW may have some nice MD5 check-sum features and be aware of the
apps using the internet, but if you permit them then you really are not
any more secure than with just the router.

If you want to be secure, get a real firewall appliance, one that
filters SMTP and HTTP traffic to remove bad things.


--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)
Anonymous
August 4, 2004 12:31:10 AM

On 2004-08-03, beatnik <beatnik@mail.gr> wrote:
>
> "Leythos" <void@nowhere.com> wrote in message

<snipage>

>> The key advantage of using a router is that there is nothing for you to
>> screw-up, the default installation should block unsolicited inbound
>> attempts without any problems.

Though let's not forget that there are steps that need to be addressed
when setting up a default installation. Linksys is getting better about
their setups (except a few WAP pieces where the instructions are
completely off) but they still often forget little minor details about
changing the default password; most of the units they distribute have
firmware upgrades that really must be installed if you want to maintain
a secure environment, etc.

>>
>> Personal Firewall apps running on the same system that you use to
>> play/mess with are almost a threat in that you have a sense of security,
>> but there are things you can do that compromise the security of the
>> application that you would not be able to do with a router.
>

At the same time a poorly configured router (I have seen many in homes I
have worked in) can be just as damaging.

> So the router will act as a Big Brother watching that I don't get hurt while
> surfing the deep & dark net cyberspace!
> Nothing will screw me, no matter how hard I try to screw myself!
>

It will help, but it is only the first line of defense. A router that
completely drops all ports and does no forwarding is best, but in many
environments is that practical? With port forwarding, a constantly
patched system, a properly configured firewall, and several other pieces
of the puzzle need to be solved. The idea of one security concept being
enough is a really bad security measure.

--
"This manual says what our product actually does, no matter what the
salesman may have told you it does." . In a californian graphic board
manual, 1985.
Anonymous
August 4, 2004 12:31:11 AM

In article <slrncgvl7g.1ll.digitlcoupNOSPAM@digitlcoup.org>,
digitlcoupNOSPAM@yahoo.com says...
> Though let's not forget that there are steps that need to be addressed
> when setting up a default installation. Linksys is getting better about
> their setups (except a few WAP pieces where the instructions are
> completely off) but they still often forget little minor details about
> changing the default password; most of the units they distribute have
> firmware upgrades that really must be installed if you want to maintain
> a secure environment, etc.

While this is true for the security nuts (like me), most of the routers
need to have nothing done, they come with a very new copy of the
firmware (or only a rev or two older) and even with the default password
they don't have remote management enabled and so it's not exposed.

Nowhere in this thread did anyone mention wireless until you did -
that's an entirely different thread and as you mention, most wireless is
completely open and not secure by default.

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)
Anonymous
August 4, 2004 12:31:12 AM

On 2004-08-03, Leythos <void@nowhere.com> wrote:
> In article <slrncgvl7g.1ll.digitlcoupNOSPAM@digitlcoup.org>,
> digitlcoupNOSPAM@yahoo.com says...
> While this is true for the security nuts (like me), most of the routers
> need to have nothing done, they come with a very new copy of the
> firmware (or only a rev or two older) and even with the default password
> they don't have remote management enabled and so it's not exposed.

True, but local exploits should be considered as much a threat as
remote. Especially when you have kids in your house smart enough to know
how to set up forwarding hehe :) 

> Nowhere in this thread did anyone mention wireless until you did -
> that's an entirely different thread and as you mention, most wireless is
> completely open and not secure by default.

That was more of an aside that I went ahead and added, that would indeed
be a separate discussion and a very long one at that.

--
"The nice thing about standards is that there are so many to choose from."
Anonymous
August 4, 2004 12:31:13 AM

In article <slrncgvmvc.1md.digitlcoupNOSPAM@digitlcoup.org>,
digitlcoupNOSPAM@yahoo.com says...
> On 2004-08-03, Leythos <void@nowhere.com> wrote:
> > In article <slrncgvl7g.1ll.digitlcoupNOSPAM@digitlcoup.org>,
> > digitlcoupNOSPAM@yahoo.com says...
> > While this is true for the security nuts (like me), most of the routers
> > need to have nothing done, they come with a very new copy of the
> > firmware (or only a rev or two older) and even with the default password
> > they don't have remote management enabled and so it's not exposed.
>
> True, but local exploits should be considered as much a threat as
> remote. Especially when you have kids in your house smart enough to know
> how to set up forwarding hehe :) 

If the kids know the password to the router then the parent didn't read
the installation instructions for it :) 

As for local exploits, install FireFox 0.9.1 (or higher) and use a non-
MS based email client. This will limit your exposure dramatically.


--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)
Anonymous
August 4, 2004 12:31:14 AM

On 2004-08-03, Leythos <void@nowhere.com> wrote:
> In article <slrncgvmvc.1md.digitlcoupNOSPAM@digitlcoup.org>,
> digitlcoupNOSPAM@yahoo.com says...
>> On 2004-08-03, Leythos <void@nowhere.com> wrote:
>> > In article <slrncgvl7g.1ll.digitlcoupNOSPAM@digitlcoup.org>,
>> > digitlcoupNOSPAM@yahoo.com says...
>> True, but local exploits should be considered as much a threat as
>> remote. Especially when you have kids in your house smart enough to know
>> how to set up forwarding hehe :) 
>
> If the kids know the password to the router then the parent didn't read
> the installation instructions for it :) 

And that would shock you how?


> As for local exploits, install FireFox 0.9.1 (or higher) and use a non-
> MS based email client. This will limit your exposure dramatically.

I prefer to run debian headless with SSH access locked down to my work
address with iptables. No X-windows installed just a simple console with
lynx, slrn, and a few other helpful apps.

Now for my windows I do use Firefox. For email, Outlook Express isn't
installed. MSN messenger is killed and removed, along with any services
that are of no use to me to run. My kids have their own email addresses
through one of my debian boxes which only accept email from use of a
single subject line that they specified so that they remain spam free. I
set up dummy accounts for them to sign up for things, which means I know
exactly what they sign up for. Also, with the exception of the windows
machine, they have no CDrom drives, nor Floppy drives in which to try to
get around my systems. I keep a CD-rom server in another room which only
I have access to for times when I need to do installs and such.

I'm not too rigid about security though ;-)

--
"No printing is permitted on this book.
This book cannot be given to someone else.
This book cannot be read aloud." -- License terms for Adobe ebooks
Anonymous
August 4, 2004 12:38:37 AM

"Leythos" <void@nowhere.com> wrote in message
news:MPG.1b797d7942dca5b798a83d@news-server.columbus.rr.com...
> In article <ceo3jv$fao$1@nic.grnet.gr>, beatnik@mail.gr says...

> That's the wrong question - the proper questions is If full base
> installs of Windows and Linux distros (including their included apps)
> come with holes/security issues, how do you protect your OS/Apps while
> you install the updates.
>
> People on Dial-Up think they are safe, but, they are no safer than
> anyone else on any other service. People that run Linux distro's that
> think they are safe have not really researched the flaws found in many
> applications included with their distro.

OK! Assume I install Debian and properly configure iptables with Stateful
Packet Inspection enabled like the following:

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -P INPUT DROP

Am I secure even though I did not run the appropriate/necessary Linux
updates?
I mean, after all, the incoming data packets will be the sort that I
initiated first and ONLY them.
Any other unsolicited inbound network traffic will be blocked!

Am I safe just by letting Stateful Packet Inspection do all the hard work
when it comes to examining tcp/ip packets?
Anonymous
August 4, 2004 12:38:38 AM

On Tue, 3 Aug 2004 20:38:37 +0300, beatnik wrote:
>
> OK! Assume I install Debian and properly configure iptables with Stateful
> Packet Inspection enabled like the following:
>
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -P INPUT DROP
>
> Am I secure even though I did not run the appropriate/necessary Linux
> updates?
> I mean, after all, the incoming data packets will be the sort that I
> initiated first and ONLY them.
> Any other unsolicited inbound network traffic will be blocked!

BFD. You could be running a peer-to-peer application like
Morpheus, KaZaA, Gnutella or reading a wav file and not have the
updates to realplayer/sox and still catch some malware.
A firewall is just the first line of defence.
Anonymous
August 4, 2004 12:38:38 AM

In article <ceojgc$6at$1@nic.grnet.gr>, beatnik@mail.gr says...
>
> "Leythos" <void@nowhere.com> wrote in message
> news:MPG.1b797d7942dca5b798a83d@news-server.columbus.rr.com...
> > In article <ceo3jv$fao$1@nic.grnet.gr>, beatnik@mail.gr says...
>
> > That's the wrong question - the proper questions is If full base
> > installs of Windows and Linux distros (including their included apps)
> > come with holes/security issues, how do you protect your OS/Apps while
> > you install the updates.
> >
> > People on Dial-Up think they are safe, but, they are no safer than
> > anyone else on any other service. People that run Linux distro's that
> > think they are safe have not really researched the flaws found in many
> > applications included with their distro.
>
> OK! Assume I install Debian and properly configure iptables with Stateful
> Packet Inspection enabled like the following:
>
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -P INPUT DROP
>
> Am I secure even though I did not run the appropriate/necessary Linux
> updates?
> I mean, after all, the incoming data packets will be the sort that I
> initiated first and ONLY them.
> Any other unsolicited inbound network traffic will be blocked!
>
> Am I safe just by letting Stateful Packet Inspection do all the hard work
> when it comes to examining tcp/ip packets?

There is a LOT more to securing your system than just NAT and SPI. If
you click on something on the web (or email) since you created the
connection it's going to get through. The router only blocks things that
you didn't invite (or your computer didn't invite).

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)
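Added example, not from any post in this thread: a Python model of beatnik's two-rule stateful policy (`-m state --state ESTABLISHED,RELATED -j ACCEPT` followed by `-P INPUT DROP`), run over constructed traffic with documentation-range addresses standing in for nikos.50free.com, a resolver and a scanning host. It shows which inbound packets conntrack would classify as ESTABLISHED or RELATED (accepted) and which fall to the DROP policy, and it makes Leythos's point concrete: whatever comes back over a connection you opened is accepted without any look at the content.

```python
"""Toy model of the stateful default-deny INPUT policy from the thread.

Added example, not code from any post. It simulates how netfilter's
connection tracking classifies inbound packets and applies the two rules
  iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  iptables -P INPUT DROP
to constructed sample traffic. It is a simulation, not a netfilter wrapper.
"""
from dataclasses import dataclass

MY_IP = "192.0.2.10"        # constructed: the poster's machine
WEB_IP = "203.0.113.80"     # constructed stand-in for nikos.50free.com
RESOLVER = "192.0.2.1"      # constructed: the ISP's DNS resolver
SCANNER = "198.51.100.7"    # constructed: an unsolicited remote host


@dataclass(frozen=True)
class Packet:
    proto: str                # "tcp", "udp" or "icmp"
    src: str
    sport: int                # for icmp: the ICMP type (8 = echo, 3 = unreachable)
    dst: str
    dport: int                # for icmp: the ICMP code
    tcp_flags: str = ""       # "S", "SA", "A", "PA", ...
    inner: tuple = ()         # for ICMP errors: 5-tuple of the packet quoted in the error
    payload: bytes = b""      # never inspected by the firewall, which is the point


class StatefulFirewall:
    """Connection table plus the two-rule INPUT chain discussed in the thread."""

    def __init__(self):
        self.conns = set()    # 5-tuples of flows this host originated
        self.dropped = []     # (state, packet) audit log of what the DROP policy hit

    @staticmethod
    def tuple_of(p):
        return (p.proto, p.src, p.sport, p.dst, p.dport)

    def send(self, p):
        """OUTPUT chain is ACCEPT; each outbound packet creates a conntrack entry."""
        self.conns.add(self.tuple_of(p))

    def state(self, p):
        """The conntrack state the -m state match would see for an inbound packet."""
        reverse = (p.proto, p.dst, p.dport, p.src, p.sport)
        if reverse in self.conns:
            if p.proto == "tcp" and p.tcp_flags == "S":
                return "INVALID"          # a fresh SYN is not a valid reply
            return "ESTABLISHED"          # reply direction of a flow we started
        if p.proto == "icmp" and p.inner and p.inner in self.conns:
            return "RELATED"              # ICMP error about a flow we started
        if p.proto == "tcp" and p.tcp_flags and p.tcp_flags != "S":
            return "INVALID"              # stray ACK/RST with no tracked flow
        return "NEW"

    def receive(self, p):
        """INPUT chain: ACCEPT ESTABLISHED,RELATED; everything else hits policy DROP."""
        st = self.state(p)
        if st in ("ESTABLISHED", "RELATED"):
            return "ACCEPT"
        self.dropped.append((st, p))
        return "DROP"


def run_scenarios():
    """Replay the situations the thread argues about; return verdicts and the drop log."""
    fw = StatefulFirewall()
    v = {}

    # 1. Browser opens nikos.50free.com:80; the SYN/ACK coming back is ESTABLISHED.
    fw.send(Packet("tcp", MY_IP, 40001, WEB_IP, 80, "S"))
    v["web reply"] = fw.receive(Packet("tcp", WEB_IP, 80, MY_IP, 40001, "SA"))

    # 2. Same server, but from a port we never contacted: NEW, so dropped.
    v["web other port"] = fw.receive(Packet("tcp", WEB_IP, 8080, MY_IP, 40001, "S"))

    # 3. Port-scan probe to 135/tcp from an unknown host: NEW, so dropped.
    v["scan 135"] = fw.receive(Packet("tcp", SCANNER, 51000, MY_IP, 135, "S"))

    # 4. A bare ACK with no matching flow: INVALID, so dropped.
    v["stray ack"] = fw.receive(Packet("tcp", SCANNER, 51001, MY_IP, 22, "A"))

    # 5. ICMP port-unreachable answering our own DNS query: RELATED, accepted.
    dns = Packet("udp", MY_IP, 53000, RESOLVER, 53)
    fw.send(dns)
    v["icmp related"] = fw.receive(
        Packet("icmp", RESOLVER, 3, MY_IP, 3, inner=StatefulFirewall.tuple_of(dns)))

    # 6. Unsolicited ping: NEW, so dropped.
    v["ping"] = fw.receive(Packet("icmp", SCANNER, 8, MY_IP, 0))

    # 7. Leythos's point: content pushed over the flow we opened is ESTABLISHED and
    #    accepted; the firewall never examines the payload, patched or not.
    v["web content"] = fw.receive(
        Packet("tcp", WEB_IP, 80, MY_IP, 40001, "PA", payload=b"<script>...</script>"))

    return v, fw.dropped


if __name__ == "__main__":
    results, dropped = run_scenarios()
    for name, verdict in results.items():
        print(f"{name:16s} -> {verdict}")
    print(f"{len(dropped)} inbound packets dropped and logged")
```

A real ruleset normally also accepts loopback traffic (`-i lo -j ACCEPT`) ahead of the state rule, and on current iptables `-m conntrack --ctstate` is the preferred spelling of `-m state --state`.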
Anonymous
August 4, 2004 5:36:07 AM

"Leythos" <void@nowhere.com> wrote in message
news:MPG.1b79a1107b31188a98a842@news-server.columbus.rr.com...
> In article <ceojgc$6at$1@nic.grnet.gr>, beatnik@mail.gr says...
> >
> > "Leythos" <void@nowhere.com> wrote in message
> > news:MPG.1b797d7942dca5b798a83d@news-server.columbus.rr.com...
> > > In article <ceo3jv$fao$1@nic.grnet.gr>, beatnik@mail.gr says...
> >
> > > That's the wrong question - the proper questions is If full base
> > > installs of Windows and Linux distros (including their included apps)
> > > come with holes/security issues, how do you protect your OS/Apps while
> > > you install the updates.
> > >
> > > People on Dial-Up think they are safe, but, they are no safer than
> > > anyone else on any other service. People that run Linux distro's that
> > > think they are safe have not really researched the flaws found in many
> > > applications included with their distro.
> >
> > OK! Assume I install Debian and properly configure iptables with Stateful
> > Packet Inspection enabled like the following:
> >
> > iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> > iptables -P INPUT DROP
> >
> > Am I secure even though I did not run the appropriate/necessary Linux
> > updates?
> > I mean, after all, the incoming data packets will be the sort that I
> > initiated first and ONLY them.
> > Any other unsolicited inbound network traffic will be blocked!
> >
> > Am I safe just by letting Stateful Packet Inspection do all the hard work
> > when it comes to examining tcp/ip packets?
>
> There is a LOT more to securing your system than just NAT and SPI. If
> you click on something on the web (or email) since you created the
> connection it's going to get through. The router only blocks things that
> you didn't invite (or your computer didn't invite).

But if my Linux installation is unpatched I think I will not have problems
if I just accept response packets coming from connections that I have
started. Is this correct?
Anonymous
August 4, 2004 5:36:08 AM

In article <cep3tq$ra8$1@nic.grnet.gr>, beatnik@mail.gr says...
>
> "Leythos" <void@nowhere.com> wrote in message
> news:MPG.1b79a1107b31188a98a842@news-server.columbus.rr.com...
> > In article <ceojgc$6at$1@nic.grnet.gr>, beatnik@mail.gr says...
> > >
> > > "Leythos" <void@nowhere.com> wrote in message
> > > news:MPG.1b797d7942dca5b798a83d@news-server.columbus.rr.com...
> > > > In article <ceo3jv$fao$1@nic.grnet.gr>, beatnik@mail.gr says...
> > >
> > > > That's the wrong question - the proper questions is If full base
> > > > installs of Windows and Linux distros (including their included apps)
> > > > come with holes/security issues, how do you protect your OS/Apps while
> > > > you install the updates.
> > > >
> > > > People on Dial-Up think they are safe, but, they are no safer than
> > > > anyone else on any other service. People that run Linux distro's that
> > > > think they are safe have not really researched the flaws found in many
> > > > applications included with their distro.
> > >
> > > OK! Assume i install Debian and configure properly iptables with Stateful
> > > Packet Inspection enabled like the following:
> > >
> > > iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> > > iptables -P INPUT DROP
> > >
> > > Am i secure even though i did not run the appropriate/necessary linux
> > > updates?
> > > I mean after all the incoming data packets will be the sort of them that i
> > > initiated first and ONLY them.
> > > Any other unsolicited inbound network traffic will be blocked!
> > >
> > > Am i safe just by letting Stateful Packet Inspection do all the hard work
> > > when it comes to examining tcp/ip packets?
> >
> > There is a LOT more to securing your system than just NAT and SPI. If
> > you click on something on the web (or email) since you created the
> > connection it's going to get through. The router only blocks things that
> > you didn't invite (or your computer didn't invite).
>
> But if my linux installation is unpatched i think i will not have problems
> if i just accept response packets coming from connections that i have
> started. Is this correct?

I can not say, since your unpatched system may have a flaw that a patch
might correct, it's really hard to say.

Why fight the simplicity of a router device?

I can understand wanting to learn about security, but why put yourself
in a questionable position while doing it?

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)
Anonymous
August 4, 2004 5:58:59 AM

"Leythos" <void@nowhere.com> wrote in message
news:MPG.1b79e1489fc6cc0298a84a@news-server.columbus.rr.com...
> In article <cep3tq$ra8$1@nic.grnet.gr>, beatnik@mail.gr says...

> > But if my linux installation is unpatched i think i will not have problems
> > if i just accept response packets coming from connections that i have
> > started. Is this correct?
>
> I can not say, since your unpatched system may have a flaw that a patch
> might correct, it's really hard to say.

But even if it has one, it won't be a problem because no data is going to go
there... i think...

> Why fight the simplicity of a router device?
>
> I can understand wanting to learn about security, but why put yourself
> in a questionable position while doing it?

I always like that. My guess of doing this is to see if i can make it!
Anonymous
August 4, 2004 5:59:00 AM

In article <cep59k$t20$1@nic.grnet.gr>, beatnik@mail.gr says...
> But even if it has one, it won't be a problem because no data is going to go
> there... i think...

Ah, but the "I THINK" part is what can get you into trouble - you see,
the unpatched part could be for your firewall application, could be
something that is exposed, could be anything. Unless you can say "I know
it won't get inside" then you are better off getting a border device for
protection.

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)
Anonymous
August 4, 2004 5:59:00 AM


beatnik wrote:
> "Leythos" <void@nowhere.com> wrote in message
> news:MPG.1b79e1489fc6cc0298a84a@news-server.columbus.rr.com...
>
>>In article <cep3tq$ra8$1@nic.grnet.gr>, beatnik@mail.gr says...
>
>
>>>But if my linux installation is unpatched i think i will not have problems
>>>if i just accept response packets coming from connections that i have
>>>started. Is this correct?

No, you can still be at risk. Someone else mentioned this earlier. If
you click on a link hiding some sort of malware, the connection was made
by you, and the response would be allowed whether or not it contained
malicious code.

A firewall will not protect you against this type of attack, unless it
also incorporates an intrusion detection system (IDS) to recognize
malicious patterns in arriving data and block it when found.

>>
>>I can not say, since your unpatched system may have a flaw that a patch
>>might correct, it's really hard to say.
>
>
> But even if it has one, it won't be a problem because no data is going to go
> there... i think...

My recommendation to anyone is to block everything you don't need. That
suggestion has also been made by someone else earlier, including
iptables commands to accomplish it, and further commands to allow
specific services to be used both outbound and inbound. The above
warning still applies, though, if you initiate a connection to a
malicious host; in that case you need the IDS.

>
>
>>Why fight the simplicity of a router device?
>>
>>I can understand wanting to learn about security, but why put yourself
>>in a questionable position while doing it?
>
>
> I always like that. My guess of doing this is to see if i can make it!

Nothing wrong with a software firewall; been using them at home for
years. But you have to understand their limitations (not unlike those of
small hardware routers and stateful firewalls) and conduct yourself
accordingly. I would never use them to protect a large network; they are
not designed for that and would be a poor choice.

At $WORK, we rely on redundant stateful hardware firewalls, from more
than one manufacturer, and in layers. More than one type reduces the
likelihood of a particular vulnerability on one being sufficient to
compromise the other. Of course you're talking Real Money, not $50 or so.

For a few hundred bucks you can get something like a small Cisco PIX
firewall, which is fairly good right out of the box, except that it does
not limit outbound ports without your configuring it. Get a used one and
pay less, of course.

As with most things, you get what you pay for.

Chuck
Anonymous
August 4, 2004 6:49:21 AM

"Leythos" <void@nowhere.com> wrote in message
news:MPG.1b79e6636079629698a84d@news-server.columbus.rr.com...
> In article <cep59k$t20$1@nic.grnet.gr>, beatnik@mail.gr says...
> > But even if it has one, it won't be a problem because no data is going to go
> > there... i think...
>
> Ah, but the "I THINK" part is what can get you into trouble - you see,
> the unpatched part could be for your firewall application, could be
> something that is exposed, could be anything. Unless you can say "I know
> it won't get inside" then you are better off getting a border device for
> protection.

Yeahh, you never know what might hit you!
I'll buy the router first chance!

Thank you!
Anonymous
August 4, 2004 6:49:22 AM

In article <cep876$3au$1@nic.grnet.gr>, beatnik@mail.gr says...
>
> "Leythos" <void@nowhere.com> wrote in message
> news:MPG.1b79e6636079629698a84d@news-server.columbus.rr.com...
> > In article <cep59k$t20$1@nic.grnet.gr>, beatnik@mail.gr says...
> > > But even if it has one, it won't be a problem because no data is going to go
> > > there... i think...
> >
> > Ah, but the "I THINK" part is what can get you into trouble - you see,
> > the unpatched part could be for your firewall application, could be
> > something that is exposed, could be anything. Unless you can say "I know
> > it won't get inside" then you are better off getting a border device for
> > protection.
>
> Yeahh, you never know what might hit you!
> I'll buy the router first chance!

Now, not to contradict myself, but you may just be secure enough,
depending on the linux distro you choose to install that you don't have
any problems, but I like to have the safety of the router at a minimum
to make sure that it's built right before it goes live.

I know people that have been on the net with unprotected Windows boxes
that have not had one problem, other than spyware, trojans, viruses,
exploits, etc... :)  I also know people running Linux systems that have
not had problems except with open FTP services and things like running
as ROOT all the time :) 

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)
Anonymous
August 4, 2004 7:26:32 AM

"Leythos" <void@nowhere.com> wrote in message
news:MPG.1b79f4baaca5a21698a851@news-server.columbus.rr.com...
> In article <cep876$3au$1@nic.grnet.gr>, beatnik@mail.gr says...
> >
> > "Leythos" <void@nowhere.com> wrote in message
> > news:MPG.1b79e6636079629698a84d@news-server.columbus.rr.com...
> > > In article <cep59k$t20$1@nic.grnet.gr>, beatnik@mail.gr says...

> Now, not to contradict myself, but you may just be secure enough,
> depending on the linux distro you choose to install that you don't have
> any problems, but I like to have the safety of the router at a minimum
> to make sure that it's built right before it goes live.

Well, i want the minimum i need to have to feel secure. If the SPI firewall (as
iptables is from linux kernels >=2.4) is working and the Distro is Debian then
i think i am almost safe....but you never really know now, do you?!?

I want to hear your opinion about Stateful Packet Inspection/Filtering in
contrast to Stateless Packet Inspection/Filtering.....if you are in the mood
for explaining, and as i see you hopefully are ;-)


> I know people that have been on the net with unprotected Windows boxes
> that have not had one problem, other than spyware, trojans, viruses,
> exploits, etc... :) 

Not to mention worms ;-)

> I also know people running Linux systems that have
> not had problems except with open FTP services and things like running
> as ROOT all the time :) 

ProFTPd you say? :-)
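As an added illustration for this archive (not code from the thread), here is a small Python model of the stateful versus stateless question raised above, built around the two iptables rules quoted earlier (`--state ESTABLISHED,RELATED -j ACCEPT`, then policy `DROP`). It also shows the point Chuck and Leythos made: a reply to a connection this host opened is accepted whatever it carries, because the verdict depends only on the flow, never on the payload. The `Packet` and filter classes, addresses and ports are constructed assumptions that mimic conntrack behaviour, not kernel code.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple

Flow = Tuple[str, str, int, str, int]   # (proto, src, sport, dst, dport)


@dataclass(frozen=True)
class Packet:
    proto: str                      # "tcp", "udp" or "icmp"
    src: str
    sport: int
    dst: str
    dport: int
    quoted: Optional[Flow] = None   # ICMP errors quote the offending flow


# Constructed addresses (RFC 5737 documentation ranges), not real hosts.
ME = "192.0.2.10"          # the protected Linux box
WEB = "198.51.100.7"       # web server the browser connects to
SCANNER = "203.0.113.5"    # source of unsolicited traffic


class StatefulFilter:
    """Models conntrack plus the thread's two INPUT rules:
    -m state --state ESTABLISHED,RELATED -j ACCEPT, then policy DROP.
    Payload is never examined, only the flow tuple."""

    def __init__(self) -> None:
        self.conntrack: Set[Flow] = set()

    def output(self, pkt: Packet) -> str:
        # OUTPUT stays at ACCEPT; each outbound packet records the flow we
        # initiated, which is what later lets the reply in.
        self.conntrack.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return "ACCEPT"

    def input(self, pkt: Packet) -> str:
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if reverse in self.conntrack:
            return "ACCEPT"    # ESTABLISHED: reply to a flow we started
        if pkt.proto == "icmp" and pkt.quoted in self.conntrack:
            return "ACCEPT"    # RELATED: ICMP error about one of our flows
        return "DROP"          # policy DROP: anything unsolicited


class StatelessFilter:
    """Per-packet rule with no memory: accept when the source port is allowed."""

    def __init__(self, allowed_sports: Set[int]) -> None:
        self.allowed_sports = set(allowed_sports)

    def input(self, pkt: Packet) -> str:
        return "ACCEPT" if pkt.sport in self.allowed_sports else "DROP"


def demo() -> Dict[str, Dict[str, str]]:
    """Run the same inbound packets through both filters; return verdicts."""
    spi, stateless = StatefulFilter(), StatelessFilter({80})
    spi.output(Packet("tcp", ME, 40000, WEB, 80))      # browser fetches a page
    reply = Packet("tcp", WEB, 80, ME, 40000)          # the answer, any content
    scan = Packet("tcp", SCANNER, 54321, ME, 135)      # unsolicited probe
    forged = Packet("tcp", SCANNER, 80, ME, 135)       # same probe, from port 80
    icmp = Packet("icmp", "198.51.100.1", 0, ME, 0,    # a router reports an
                  quoted=("tcp", ME, 40000, WEB, 80))  # error about our flow
    probes = {"reply": reply, "scan": scan, "forged": forged}
    return {
        "stateful": {**{k: spi.input(p) for k, p in probes.items()},
                     "icmp": spi.input(icmp)},
        "stateless": {k: stateless.input(p) for k, p in probes.items()},
    }
```

Real conntrack additionally tracks TCP flag state and entry timeouts; the toy keeps only the flow table to make the contrast visible: the stateless port rule lets the forged packet from source port 80 through, the stateful one does not, and both wave the genuine reply in unread.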
Anonymous
August 4, 2004 3:51:54 PM

In article <41105e00@nntp.zianet.com>, csterlin@zianet.com says...
> A firewall will not protect you against this type of attack, unless it
> also incorporates an intrusion detection system (IDS) to recognize
> malicious patterns in arriving data and block it when found.

Just to add to this, most firewalls don't implement this, but the ones
that do are also using proxy services in the rule sets. The WatchGuard
units can filter active-x, java-applets, unknown headers, content types,
unsafe-paths, cookies, client connection info and deny submissions. I've
found that using web-blocker, an active url filter and a setting that
requires content type in the header, that almost all of the bad things
are blocked. Now, keep in mind, users can surf to myporn.com or
mycasino.com, they are part of the url filter list. This firewall is not
something that most home users can afford, but it would sure be nice to
see something like this in a software based solution put on the market
for home users - even if it was just the HTTP Proxy part it would save
many home/soho users a lot of cash/pain.

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)
Anonymous
August 4, 2004 4:13:27 PM

"beatnik" <beatnik@mail.gr> wrote in news:cenf0e$ere$1@nic.grnet.gr:

> Because i get numerous port scan attacks and some hosts trying
> persistently to have inbound connection to my machine at strange ports
> i will switch to linux.
> As i ate in the noon i thought the following....:-) I am laughing
> because the most of my ideas pop up to my head at meal time lol...
>
> Can someone tell me the ruleset i have to use in iptables so that i
> can ONLY accept incoming data packets to my machine from connections
> that I initiated first and nothing else? Everything else that i did
> not explicitly start i want them automatically rejected by firewall.
>
> For example i asked to see my webpage at the remote web server
> nikos.50free.com:80 through my web browser so i ONLY want to accept
> data packets derived from there (nikos.50free.com as host) and of
> course from 80 port only. All other ports i want them blocked. Just
> ONLY what i want opened!
>
> I believe (theoretically) its the best way to set the firewall to
> linux and to win.
>
> I know that in linux its just a 1-2 lines ruleset (but i dont know the
> syntax), as for Windows XP the firewall there is doing stuff
> automatically but i need to tell it to do the same thing! Its just
> i dont know how to tell it!
>
>
> ps. Please dont flame, instead ignore the post if you do not like it.
>
> --
> The Devil Is In The Details!
>
>

I think your best approach is to get a cheap NAT router for home usage
that has logging that will stop the unsolicited inbound traffic. You can
use a host based solution behind it if you like.

Duane :) 
Anonymous
August 4, 2004 4:35:32 PM

"Chuck_Sterling" <csterlin@zianet.com> wrote in message
news:41105e00@nntp.zianet.com...
> beatnik wrote:
> > "Leythos" <void@nowhere.com> wrote in message
> > news:MPG.1b79e1489fc6cc0298a84a@news-server.columbus.rr.com...
> >
> >>In article <cep3tq$ra8$1@nic.grnet.gr>, beatnik@mail.gr says...
> >
> >
> >>>But if my linux installation is unpatched i think i will not have problems
> >>>if i just accept response packets coming from connections that i have
> >>>started. Is this correct?
>
> No, you can still be at risk. Someone else mentioned this earlier. If
> you click on a link hiding some sort of malware, the connection was made
> by you, and the response would be allowed whether or not it contained
> malicious code.
>
> A firewall will not protect you against this type of attack, unless it
> also incorporates an intrusion detection system (IDS) to recognize
> malicious patterns in arriving data and block it when found.

Is there something related, something in common between IDS and SPI??!

> >>I can not say, since your unpatched system may have a flaw that a patch
> >>might correct, it's really hard to say.
> >
> >
> > But even if it has one, it won't be a problem because no data is going to go
> > there... i think...
>
> My recommendation to anyone is to block everything you don't need. That
> suggestion has also been made by someone else earlier, including
> iptables commands to accomplish it, and further commands to allow
> specific services to be used both outbound and inbound. The above
> warning still applies, though, if you initiate a connection to a
> malicious host; in that case you need the IDS.

So IDS can really save me even though i deliberately open such connections
to test the firewall's capabilities?

> >>Why fight the simplicity of a router device?
> >>
> >>I can understand wanting to learn about security, but why put yourself
> >>in a questionable position while doing it?
> >
> >
> > I always like that. My guess of doing this is to see if i can make it!
>
> Nothing wrong with a software firewall; been using them at home for
> years. But you have to understand their limitations (not unlike those of
> small hardware routers and stateful firewalls) and conduct yourself
> accordingly. I would never use them to protect a large network; they are
> not designed for that and would be a poor choice.
>
> At $WORK, we rely on redundant stateful hardware firewalls, from more
> than one manufacturer, and in layers. More than one type reduces the
> likelihood of a particular vulnerability on one being sufficient to
> compromise the other. Of course you're talking Real Money, not $50 or so.
>
> For a few hundred bucks you can get something like a small Cisco PIX
> firewall, which is fairly good right out of the box, except that it does
> not limit outbound ports without your configuring it. Get a used one and
> pay less, of course.
>
> As with most things, you get what you pay for.

Yes but what if someone found an exploit for an unpatched Cisco PIX (even
though they are the best hardware firewalls in the market)?
Cisco will be needing firmware updates too, as the OS needs software updates
to fill the holes.

So i think no matter what you have you are still vulnerable! So why pay for
Cisco if you can have the same problems with it as with software?
Anonymous
August 4, 2004 4:35:33 PM

In article <ceqai7$hmc$1@nic.grnet.gr>, beatnik@mail.gr says...
> Yes but what if someone found an exploit for an unpatched Cisco PIX (even
> though they are the best hardware firewalls in the market)?
> Cisco will be needing firmware updates too, as the OS needs software updates
> to fill the holes.

This did happen, there was a serious hole in their product about a year
ago. I remember all the backbone providers having to flash their routers
for the update - dropped connections all over the country as it was
being done. But, even with that one instance, the PIX is a great device
as well as many others.

> So i think no matter what you have you are still vulnerable! So why pay for
> Cisco if you can have the same problems iwth it as with software?

If you ever start thinking you are safe then you've failed to maintain
the proper attitude - always assume that someone can get in, someone
will keep trying, that there is a hole, and plan for it.

You pay for ANY appliance or high-end firewall application because you
understand how they set it up, what it was designed for, and that there
is little chance that a base install will be screwed up. You can use
many application type firewalls, there are some very nice ones. The key
is the expertise level of the user making the changes to the firewall.
Even an appliance can be riddled with holes if a person with no training
or understanding starts fiddling with the rule sets. What this goes back
to is that most of the "personal firewall apps", PFW, are managed by
users that have no clue as to what they are doing, that's why many
people push the idea of a NAT device - it gives them that first barrier
of protection. Sure, it doesn't do anything once something has
compromised their systems, but it does block a lot of things (3000+ per
day in our area) that attempt to connect to their machines.

There is a side benefit of having an appliance in front of your network
too, fewer CPU cycles used by the software firewall on your computer.
Since that PFW doesn't have to work as hard you get to have some of the
performance back.

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)
Anonymous
August 4, 2004 7:25:54 PM

"Leythos" <void@nowhere.com> wrote in message
news:MPG.1b7a9a1827ddb1e198a85b@news-server.columbus.rr.com...
> In article <ceqai7$hmc$1@nic.grnet.gr>, beatnik@mail.gr says...
> > Yes but what if someone found an exploit for an unpatched Cisco PIX (even
> > though they are the best hardware firewalls in the market)?
> > Cisco will be needing firmware updates too, as the OS needs software updates
> > to fill the holes.
>
> This did happen, there was a serious hole in their product about a year
> ago. I remember all the backbone providers having to flash their routers
> for the update - dropped connections all over the country as it was
> being done. But, even with that one instance, the PIX is a great device
> as well as many others.
>
> > So i think no matter what you have you are still vulnerable! So why pay for
> > Cisco if you can have the same problems with it as with software?
>
> If you ever start thinking you are safe then you've failed to maintain
> the proper attitude - always assume that someone can get in, someone
> will keep trying, that there is a hole, and plan for it.
>
> You pay for ANY appliance or high-end firewall application because you
> understand how they set it up, what it was designed for, and that there
> is little chance that a base install will be screwed up. You can use
> many application type firewalls, there are some very nice ones. The key
> is the expertise level of the user making the changes to the firewall.
> Even an appliance can be riddled with holes if a person with no training
> or understanding starts fiddling with the rule sets. What this goes back
> to is that most of the "personal firewall apps", PFW, are managed by
> users that have no clue as to what they are doing, that's why many
> people push the idea of a NAT device - it gives them that first barrier
> of protection. Sure, it doesn't do anything once something has
> compromised their systems, but it does block a lot of things (3000+ per
> day in our area) that attempt to connect to their machines.
>
> There is a side benefit of having an appliance in front of your network
> too, fewer CPU cycles used by the software firewall on your computer.
> Since that PFW doesn't have to work as hard you get to have some of the
> performance back.

True. After all the motto says "Only the Best is Good enough"!
Good enough is not entirely adequate :-)

Thanks for the answer once again!