April 20th, 2003 02:40 PM
April 20th, 2003 05:31 PM
I think that the topic "Shields Up" is very thin and very misleading, especially for people who have no experience or knowledge in computer security, giving out a fake sense of security.
The results I got from there indicate that my system is god and is very very safe. I ran this scan from a web cafe, using the free version of ZA on a win98 system that crashes every 20 mins. It said that my ports were "STEALTHED" (w00t w00t).
This sort of misleading and false result is very bad, since a novice user now thinks he is totally safe, so there is no need to look up anything else related to security. Also the fact that he is offering some miraculous wonder applications for download to secure your system in case the results were negative.
But let's go back to my favourite part of this.....the "STEALTHY" part. What is a stealthed port? How secure is this?
What they call "STEALTH" is nothing more than a firewall which is set to DROP an ICMP packet. That means that when an ICMP (ping) packet is sent, the firewall just drops it rather than sending the echo reply back again (pong). Many people will argue about what's better: is it better to DROP an ICMP packet, or is it better to DENY it? The advantage of dropping an ICMP is that if a remote user pings you, or scans you, he will be stalled, since the packet reply has to wait the maximum round trip time, and then usually times out. That will slow down an attacker who is awaiting replies/results. The disadvantage here though is that the attacker is aware that there is a firewall in place, making a target more ....uhm...... shall we say "Attractive".
So the term "stealth" is dangerous and very misleading. A simple example is when using nmap with the -P0 option. That will give away the open ports behind a firewall although the GRC results indicated that it's very safe since the ports are "stealthed" (LOL).
What GRC is supposed to do, and they don't, is to try to explain a bit more detail on basic security, rather than tell a user that they are safe. A firewall can be f00led, in many ways. Thanks to GRC all I need is a firewall to be safe. What a joke.
Of course I must respect the fact that many users are not very computer literate and have to use them for many different reasons, and that they might not be interested in security. But if these users fall victim to GRC, they get a totally wrong sense of how secure their systems are.
REMEMBER, SECURITY IS NOT JUST A FIREWALL. SECURITY DOES NOT JUST DEPEND ON SOME ONLINE SCAN. THERE IS NO SUCH THING AS A SOFTWARE THAT YOU DOWNLOAD AND ALL YOUR SECURITY PROBLEMS ARE SOLVED. SECURITY MEANS KNOWLEDGE. IT MEANS MAINTENANCE. And none of that is mentioned on GRC. I wonder why.
Ubuntu-: Means in African : "Im too dumb to use Slackware"
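The difference between an answered probe and a dropped one, which the post above discusses, shown as an added example that is not part of the original thread. It classifies a single TCP connect attempt by what comes back and how long the caller waited; the function names `probe` and `demo_loopback` are hypothetical, and the demo only touches the local loopback interface.

```python
import socket
import time


def probe(host, port, timeout=1.0):
    """Attempt one TCP connect and return (state, seconds_waited)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    start = time.monotonic()
    try:
        sock.connect((host, port))
        state = "open"         # a SYN/ACK came back: something is listening
    except ConnectionRefusedError:
        state = "closed"       # a RST came back: host is up, nothing listening
    except socket.timeout:
        state = "filtered"     # nothing came back: the packet was dropped ("stealth")
    except OSError:
        state = "unreachable"  # an error was returned, e.g. an ICMP unreachable
    finally:
        sock.close()
    return state, time.monotonic() - start


def demo_loopback():
    """Probe a loopback port while a listener exists, then after it is closed."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))   # port 0: let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    open_result = probe("127.0.0.1", port)
    listener.close()
    closed_result = probe("127.0.0.1", port)
    return open_result, closed_result


if __name__ == "__main__":
    for label, (state, waited) in zip(("listening", "not listening"), demo_loopback()):
        print(f"{label}: {state} after {waited:.3f}s")
```

Run against a port on your own machine that a firewall silently drops, `probe` returns "filtered" only after the full timeout, while a closed or rejected port answers almost immediately.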
April 20th, 2003 05:55 PM
Just to give you an idea about how "great" his security is, compare...
http://grc.com/lt/leaktest.htm Gibson's Leak Test (which showed how great Zone Alarm was)
http://keir.net/firehole.html Firehole, which did the exact same test, the proper way.
No one knows everything about security. It's not possible. My biggest problem with Gibson is that he acts like he does. Yeah, he may be a decent programmer, and be able to explain noobie problems to newbies, but that doesn't mean he knows everything.
oh yeah, and we don't even have to get into Shields Up (that has obviously been covered here already)
"Ignorance is bliss....
but only for your enemy"
April 20th, 2003 10:26 PM
Chances are that he'll think that there is nobody online at that IP address. Unless you're chatting with him at the same time on IRC. The person would think that there was no system online at the IP address he pinged and probably move on to something else. And, he would have no way of confirming that either. Dropping is usually a good idea, but, I found that on my system, using different firewalls, dropping takes up more system resources. Nowadays I have a router, beautiful thing, protects me. Imagine my surprise to find roughly 40 important attack logs :0, 20 that were "ping of death" attacks, and 20 that were "Syn Flood" attacks, well, my router filtered them out anyways. Anyways, hardware firewalls are usually a good choice. I think I got confused from what I set out to say, so, I'll end this post here, confused, um, yeah. Oh, wait, one more thing.
The disadvantage here though is that the attacker is aware that there is a firewall in place, making a target more ....uhm...... shall we say "Attractive".
Grcsucks.com was most likely written by somebody with a problem with Gibson, the person hasn't done their research, and in more than a few cases, is flat out wrong.
Don't trust any site. Trust books. Go to your bookstore, read up on internet security. Seriously, don't trust any online portscan, they're only going to scan like 30 ports anyways, you have over 60 thousand.
April 21st, 2003 12:46 PM
I, myself, like Steve Gibson's site and have used it quite a few times but there is yet another that I like at http://www.pcpitstop.com that gives a pretty good scan also. I thank you all for these links and will use them to scan and secure my computer. Thanks guys. Auntie
For hundreds of years the brain was physically capable of the thoughts of a Galileo or an Aristotle among people who had not yet learned to count to ten. Much of that equipment is still unused and waiting.