
ZDNet - Tech Update - "Security issues move Linksys router..

Anonymous
April 9, 2004 1:17:54 PM

Archived from groups: alt.cable-ip,alt.internet.wireless,comp.dcom.modems.cable

Just sharing...

http://techupdate.zdnet.com/techupdate/stories/main/Lin...



--

To reply by e-mail, remove the "-nospam-" from the reply to address
Anonymous
April 9, 2004 2:31:59 PM

Archived from groups: alt.cable-ip,alt.internet.wireless,comp.dcom.modems.cable

On Fri, 9 Apr 2004 09:17:54 -0400, Jim Orfanakos spoketh

>Just sharing...
>
>http://techupdate.zdnet.com/techupdate/stories/main/Lin...


"David Berlind's Reality Check"?

Seriously, the one who needs a reality check may be David Berlind
himself. Complaining about port 113 being closed as opposed to stealth
while considering UPnP for firewall devices is a good thing clearly
shows how David Berlind doesn't know enough about the topic at hand to
be considered an expert giving advice to others.



Lars M. Hansen
http://www.hansenonline.net
(replace 'badnews' with 'news' in e-mail address)
Anonymous
April 9, 2004 2:32:00 PM

Archived from groups: alt.cable-ip,alt.internet.wireless,comp.dcom.modems.cable

Lars M. Hansen wrote:
> On Fri, 9 Apr 2004 09:17:54 -0400, Jim Orfanakos spoketh
>
>> Just sharing...
>>
>>
http://techupdate.zdnet.com/techupdate/stories/main/Lin...
>
>
> "David Berlind's Reality Check"?
>
> Seriously, the one who needs a reality check may be David Berlind
> himself. Complaining about port 113 being closed as opposed to stealth
> while considering UPnP for firewall devices is a good thing clearly
> shows how David Berlind doesn't know enough about the topic at hand to
> be considered an expert giving advice to others.
>
>
>
> Lars M. Hansen
> http://www.hansenonline.net
> (replace 'badnews' with 'news' in e-mail address)

If you have a quantitative viewpoint on the article, I for one will be
happy to read what you have to say.

Q
Anonymous
April 9, 2004 3:18:30 PM

Archived from groups: alt.internet.wireless

The majority of people are not going to scan IP addresses in order to find
targets for DoS attacks (especially, when all one has to do is look at the
headers of e-mail messages from people who one does not like). Sure, there
might be occasional random DoS attacks, but those are unlikely to last for a
long time and are unlikely to originate from more than a few hosts. Sure,
the presence of a port that responds to incoming connections might subject
one's other ports to increased scanning. However, neither of these two are
exceptionally worrisome.

I would be much more worried if Linksys routers could be remotely
compromised to give people access to a LAN (e.g. by placing a computer into
the DMZ). As long as that is not the case, I'm not worried. As far as UPnP
is concerned, there has to be a way of allowing certain ports to be
forwarded; and manually configuring ports is too difficult for most home
users. Sure, UPnP could be exploited by worms to communicate with one
another, and UPnP could allow poorly-written applications to compromise a
computer behind an otherwise properly-configured router, but UPnP alone will
not allow a worm to propagate to a computer that is behind a router that
does not allow incoming connections.

-Yves

"Quaoar" <quaoar@tenthplanet.net> wrote in message
news:GuednXJPypp1IuvdRVn-hw@comcast.com...
> Lars M. Hansen wrote:
> > On Fri, 9 Apr 2004 09:17:54 -0400, Jim Orfanakos spoketh
> >
> >> Just sharing...
> >>
> >>
>
http://techupdate.zdnet.com/techupdate/stories/main/Lin...
> >
> >
> > "David Berlind's Reality Check"?
> >
> > Seriously, the one who needs a reality check may be David Berlind
> > himself. Complaining about port 113 being closed as opposed to stealth
> > while considering UPnP for firewall devices is a good thing clearly
> > shows how David Berlind doesn't know enough about the topic at hand to
> > be considered an expert giving advice to others.
> >
> >
> >
> > Lars M. Hansen
> > http://www.hansenonline.net
> > (replace 'badnews' with 'news' in e-mail address)
>
> If you have a quantitative viewpoint on the article, I for one will be
> happy to read what you have to say.
>
> Q
>
>
Anonymous
April 9, 2004 8:15:24 PM

Archived from groups: alt.cable-ip,alt.internet.wireless,comp.dcom.modems.cable

On Fri, 9 Apr 2004 09:23:18 -0600, Quaoar spoketh

>Lars M. Hansen wrote:
>> On Fri, 9 Apr 2004 09:17:54 -0400, Jim Orfanakos spoketh
>>
>>> Just sharing...
>>>
>>>
>http://techupdate.zdnet.com/techupdate/stories/main/Lin...
>>
>>
>> "David Berlind's Reality Check"?
>>
>> Seriously, the one who needs a reality check may be David Berlind
>> himself. Complaining about port 113 being closed as opposed to stealth
>> while considering UPnP for firewall devices is a good thing clearly
>> shows how David Berlind doesn't know enough about the topic at hand to
>> be considered an expert giving advice to others.
>>
>>
>>
>> Lars M. Hansen
>> http://www.hansenonline.net
>> (replace 'badnews' with 'news' in e-mail address)
>
>If you have a quantitative viewpoint on the article, I for one will be
>happy to read what you have to say.
>
>Q
>

David Berlind (DB) writes: "To the extent that national security relies
on the vitality of the economy, I consider the mDDoS a significant
threat to our national security."
http://techupdate.zdnet.com/techupdate/stories/main/def...

Seriously? A script kiddie's ability to use two servers to knock out a
cheap NAT router is a threat to national security? Wouldn't such a
"mini-DDoS" attack on multiple servers be considered an actual DDoS
attack? And, just because two servers were used to knock out one
router, it's suddenly classified "mini"? Sounds like someone wants to
be another Steve Gibson and "invent" some totally nonsensical term for
something internet related in order to get their name written down in
the annals of the internet.

DB writes: "Firewall ports have three modes: open, closed, and stealth."
http://techupdate.zdnet.com/techupdate/stories/main/Lin...

Ports only have two states: Open or closed. "Stealth" is not a normal
state of any port, firewalled or not. "Stealth" is an open port that
doesn't send a RST after receiving a SYN. In Mr. Berlind's brush with
his "mDDoS", having port 113 being "stealth" rather than closed probably
wouldn't have made any difference, as I suspect the attacker really
didn't care if there were any ACKs or RSTs being returned (a simple SYN
flood).

DB writes: "The stealth mode hides a port's existence altogether (if all
ports are stealthed, the existence of the entire Internet connection is
basically hidden)"
http://techupdate.zdnet.com/techupdate/stories/main/Lin...

Actually, the complete lack of responses is a loud and clear "I'm here,
and I have a firewall dropping your packets" response. There's nothing
stealthy about that at all.

DB quotes Steve Gibson: "When a user connects to an IRC server, that
server turns around and makes an IDENT query back to the user's system."

"But that practice, which dates back to the early 90's, has long since
stopped."
http://techupdate.zdnet.com/techupdate/stories/main/Lin...

If that were only true. IRC is not the only service that uses IDENT.
Many SMTP servers still use IDENT, including those of several large
ISPs. Stealthing port 113 may cause significant delays when sending
e-mails, as the mail server has to wait for its IDENT connection to
time out rather than simply getting an "RST" from you.

Can't argue with Gibson's thoughts on UPnP, though. Hopefully, Mr.
Berlind will soon share that opinion as well.


Lars M. Hansen
http://www.hansenonline.net
(replace 'badnews' with 'news' in e-mail address)
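
An added example, not part of the post above, of the IDENT point it makes: the function below issues one RFC 1413 query the way an IRC or SMTP server would and reports whether the port answered, refused (closed, RST) or timed out (dropped, "stealth"). The function names, the loopback responder and the port pair 40000/6667 are constructed for illustration; the dropped-packet case needs a real firewall rule, so the code handles it but the demo only exercises the other two.

```python
import socket
import threading
import time

def ident_lookup(host, ident_port, port_on_host, port_on_querier, timeout=3.0):
    """Send one RFC 1413 query, as an IRC or SMTP server would to a connecting client.

    Returns (outcome, reply, seconds):
      answered  - something listens on the port and replied
      refused   - port closed: the RST ends the lookup immediately
      timed_out - packets dropped ("stealth"): the querier waits the full timeout
    """
    start = time.monotonic()
    outcome, reply = "answered", ""
    try:
        with socket.create_connection((host, ident_port), timeout=timeout) as s:
            s.sendall(f"{port_on_host}, {port_on_querier}\r\n".encode("ascii"))
            with s.makefile("rb") as f:
                reply = f.readline(1000).decode("ascii", "replace").strip()
    except ConnectionRefusedError:
        outcome = "refused"
    except socket.timeout:
        outcome = "timed_out"
    return outcome, reply, time.monotonic() - start

def start_demo_identd():
    """Constructed loopback responder standing in for an identd; returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve_once():
        conn, _ = srv.accept()
        with conn, conn.makefile("rb") as f:
            query = f.readline(1000).decode("ascii").strip()
            conn.sendall(f"{query} : USERID : UNIX : demo\r\n".encode("ascii"))
        srv.close()

    threading.Thread(target=serve_once, daemon=True).start()
    return srv.getsockname()[1]

def closed_loopback_port():
    """Pick a free loopback port and release it, so nothing is listening on it."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

if __name__ == "__main__":
    # Constructed port pair: client port 40000 connected to an IRC server on 6667.
    for label, port in (("listening", start_demo_identd()), ("closed", closed_loopback_port())):
        outcome, reply, secs = ident_lookup("127.0.0.1", port, 40000, 6667)
        print(f"{label:9} -> {outcome:9} {secs:.3f}s {reply}")
```

Pointed at a host whose port 113 is silently dropped, the same call returns `timed_out` only after the full `timeout` has elapsed, which is the delay the querying server absorbs.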
Anonymous
April 9, 2004 11:13:02 PM

Archived from groups: alt.cable-ip,alt.internet.wireless,comp.dcom.modems.cable

Lars M. Hansen <badnews@hansenonline.net> wrote in
news:qlcd70h7qeah0uml4uk7dfpvhet9095jle@4ax.com:

> On Fri, 9 Apr 2004 09:17:54 -0400, Jim Orfanakos spoketh
>
>>Just sharing...
>>
>>http://techupdate.zdnet.com/techupdate/stories/main/Lin...
>>_DDoS.html
>
>
> "David Berlind's Reality Check"?
>
> Seriously, the one who needs a reality check may be David Berlind
> himself. Complaining about port 113 being closed as opposed to stealth
> while considering UPnP for firewall devices is a good thing clearly
> shows how David Berlind doesn't know enough about the topic at hand to
> be considered an expert giving advice to others.

I agree. He seems to be getting all excited about something he knows little
about. Complaining about using a port closed in one breath then suggesting
UPnP to be used the next.

Lots of people are using the Linksys routers and getting better than
average security compared to people who've got nothing. And I've seen just
as many Zone Alarm misconfigurations to know that it's not really any
"safer". I spent an entire weekend trying to remotely get my sister's
Zone Alarm config to work properly with VNC before we finally uninstalled
it. Not that I'm bashing a free product but seriously, they all have their
issues.

Anyone who is willing to spend the low price to put one of these cheap DSL
/ cable routers on in front of their PC is getting at least some basic
level of security that the majority of users out there simply don't have or
are not using (ie XP / 2003 internet security). I found it laughable that
the author suggests he'd be going with Netgear, as if their support is
somehow so much better. All the support in this price range leaves
something to be desired, but in my opinion these hardware devices require
less support than the comparable software solutions.
Anonymous
April 9, 2004 11:13:03 PM

Archived from groups: alt.cable-ip,alt.internet.wireless,comp.dcom.modems.cable

Mr. Grinch wrote:
> Lars M. Hansen <badnews@hansenonline.net> wrote in
> news:qlcd70h7qeah0uml4uk7dfpvhet9095jle@4ax.com:
>
>> On Fri, 9 Apr 2004 09:17:54 -0400, Jim Orfanakos spoketh
>>
>>> Just sharing...
>>>
>>>
http://techupdate.zdnet.com/techupdate/stories/main/Lin...
>>> _DDoS.html
>>
>>
>> "David Berlind's Reality Check"?
>>
>> Seriously, the one who needs a reality check may be David Berlind
>> himself. Complaining about port 113 being closed as opposed to
>> stealth while considering UPnP for firewall devices is a good thing
>> clearly shows how David Berlind doesn't know enough about the topic
>> at hand to be considered an expert giving advice to others.
>
> I agree. He seems to be getting all excited about something he knows
> little about. Complaining about using a port closed in one breath
> then suggesting UPnP to be used the next.
>
> Lots of people are using the Linksys routers and getting better than
> average security compared to people who've got nothing. And I've
> seen just as many Zone Alarm misconfigurations to know that it's not
> really any "safer". I spent an entire weekend trying to remotely
> get my sister's Zone Alarm config to work properly with VNC before we
> finally uninstalled it. Not that I'm bashing a free product but
> seriously, they all have their issues.
>
> Anyone who is willing to spend the low price to put one of these
> cheap DSL / cable routers on in front of their PC is getting at least
> some basic level of security that the majority of users out there
> simply don't have or are not using (ie XP / 2003 internet security).
> I found it laughable that the author suggests he'd be going with
> Netgear, as if their support is somehow so much better. All the
> support in this price range leaves something to be desired, but in my
> opinion these hardware devices require less support than the
> comparable software solutions.

Three ad hominem replies about why Berlind knows nothing, but nothing
quantitative about why he is incorrect. Suspect the posters themselves
know nothing.

Q
Anonymous
April 9, 2004 11:13:04 PM

Archived from groups: alt.cable-ip,alt.internet.wireless,comp.dcom.modems.cable

thanks for keeping count and adding nothing.

--

"Quaoar" <quaoar@tenthplanet.net> wrote in message
news:cMSdnfPuv6G_YOvdRVn-sw@comcast.com...

> Three ad hominem replies about why Berlind knows nothing, but nothing
> quantitative about why he is incorrect. Suspect the posters themselves
> know nothing.
>
> Q
>
>
Anonymous
April 9, 2004 11:13:04 PM

Archived from groups: alt.cable-ip,alt.internet.wireless,comp.dcom.modems.cable

on Fri, 9 Apr 2004 13:44:33 -0600, Quaoar spoketh

>
>Three ad hominem replies about why Berlind knows nothing, but nothing
>quantitative about why he is incorrect. Suspect the posters themselves
>know nothing.
>
>Q
>

Wrong #1: Ports have 3 states: open, closed, stealth.
Wrong #2: mini-DDoS is a "national security issue".
Wrong #3: UPnP is good.
Wrong #4: mini-DDoS.
Wrong #5: Stealth makes your computer "basically hidden".
Wrong #6: Stealth would have solved his "mDDoS" issue.

That pretty much sums up the quantitative part of his three articles
regarding this "mDDoS" that he's invented.

Now, maybe you can do a "quantitative" on why he's right...


Lars M. Hansen
http://www.hansenonline.net
(replace 'badnews' with 'news' in e-mail address)
Anonymous
April 9, 2004 11:13:04 PM

Archived from groups: alt.internet.wireless

Also, I think the average home user will experience many more wireless
interruptions due to neighbors with microwaves, cordless phones, and evil
channel-hogging 108Mbps access points than due to DoS attacks.

-Yves

"Quaoar" <quaoar@tenthplanet.net> wrote in message
news:cMSdnfPuv6G_YOvdRVn-sw@comcast.com...
> Mr. Grinch wrote:
> > Lars M. Hansen <badnews@hansenonline.net> wrote in
> > news:qlcd70h7qeah0uml4uk7dfpvhet9095jle@4ax.com:
> >
> >> On Fri, 9 Apr 2004 09:17:54 -0400, Jim Orfanakos spoketh
> >>
> >>> Just sharing...
> >>>
> >>>
> http://techupdate.zdnet.com/techupdate/stories/main/Lin...
> >>> _DDoS.html
> >>
> >>
> >> "David Berlind's Reality Check"?
> >>
> >> Seriously, the one who needs a reality check may be David Berlind
> >> himself. Complaining about port 113 being closed as opposed to
> >> stealth while considering UPnP for firewall devices is a good thing
> >> clearly shows how David Berlind doesn't know enough about the topic
> >> at hand to be considered an expert giving advice to others.
> >
> > I agree. He seems to be getting all excited about something he knows
> > little about. Complaining about using a port closed in one breath
> > then suggesting UPnP to be used the next.
> >
> > Lots of people are using the Linksys routers and getting better than
> > average security compared to people who've got nothing. And I've
> > seen just as many Zone Alarm misconfigurations to know that it's not
> > really any "safer". I spent an entire weekend trying to remotely
> > get my sister's Zone Alarm config to work properly with VNC before we
> > finally uninstalled it. Not that I'm bashing a free product but
> > seriously, they all have their issues.
> >
> > Anyone who is willing to spend the low price to put one of these
> > cheap DSL / cable routers on in front of their PC is getting at least
> > some basic level of security that the majority of users out there
> > simply don't have or are not using (ie XP / 2003 internet security).
> > I found it laughable that the author suggests he'd be going with
> > Netgear, as if their support is somehow so much better. All the
> > support in this price range leaves something to be desired, but in my
> > opinion these hardware devices require less support than the
> > comparable software solutions.
>
> Three ad hominem replies about why Berlind knows nothing, but nothing
> quantitative about why he is incorrect. Suspect the posters themselves
> know nothing.
>
> Q
>
>
Anonymous
April 9, 2004 11:13:05 PM

Archived from groups: alt.cable-ip,alt.internet.wireless,comp.dcom.modems.cable

I couldn't agree more...

The rambling on and on about closed versus "stealth" on port 113 is almost
nonsense...
Anonymous
April 10, 2004 6:50:11 PM

Archived from groups: alt.cable-ip,alt.internet.wireless,comp.dcom.modems.cable

In article <tkvd709fe814f4tbj204d7gbh49ll4m7av@4ax.com>,
Lars M. Hansen <badnews@hansenonline.net> wrote:

> DB quotes Steve Gibson: "When a user connects to an IRC server, that
> server turns around and makes an IDENT query back to the user's system."
>
> "But that practice, which dates back to the early 90's, has long since
> stopped."

MANY irc servers require ident still, but as many don't. IOW, having
that port forwarded is nice - and permits you to dump the ~ off your id
in the ulist, but it's simply not a necessity.

- Dan.
--
- Psychoceramic Emeritus
- South Jersey, USA, Earth
Anonymous
April 11, 2004 1:07:49 PM

Archived from groups: alt.cable-ip,alt.internet.wireless,comp.dcom.modems.cable

My D-Link DI-624 wireless router also closes port 113 rather than 'stealth'
the port as confirmed by Shields Up and Symantec port scans to my router.
Maybe this is a widespread 'problem'. Any others you know of that do this?
If so, Mr. Berlind should be notified so he can remove all of them from the
'short list'. I wonder who is on the short list? Microsoft OS products
certainly should have been removed from the short list long ago.