August 6th, 2003, 01:41 PM
Client/Server and Open Ports
Fantastic resource first of all!
My question relates to me trying to understand all the different things I have been told about Net security.
I am of the understanding that a firewall closes all your ports and asks you if and when any programs attempt to access the web from your machine or if any machines attempt connections to your PC from cyberspace.
Now my question is: if you keep up to date with all the security patches and updates etc., as long as you do not have any areas to exploit and as long as you do not download or open up any trojans, what's the point of having a firewall?
My understanding is that even if you have an open port the only way anyone can connect to your PC via the open port is if there is a server listening to that port from your machine. Hence if you make sure each time you connect that nothing is listening to the ports that should not be by using netstat -a -n (I think it is) there is no danger.
Please correct me if I have become totally confused in all of this.
August 6th, 2003, 02:06 PM
Firewall not needed? LMAO. First of all you will always have an area to fool around with. And there is always going to be some ports listening in for some type of a response from something. Even if there is no session hijacking, trojans, or ad/spyware going on you'll always be open to some type of attack, especially denial of service... and without a firewall there is nothing out there to drop and audit these things to help stop Mr. or Mrs. Joe_Blow_PacketMonkey or some DDoS program from doing an ICMP, SYN, or blah blah blah type of flood from flooding you.
And besides, if some automated program such as a worm is trying to use exploits and crap on random people, then wouldn't it be your duty as an admin/computer enthusiast to drop & audit these activities then report it to some authorities? If you don't then oh no, the next guy and possibly the other guy after that will be forced to handle it.
August 6th, 2003, 02:11 PM
Kerplunk: In a perfect world you would not need a firewall if you patch all the time and close all unnecessary ports on your machine. The problem really is that it isn't the software vendors that find the holes, it's the bad guys. When they find an exploitable hole in a system they have what is known as a "zero day exploit". That means that no-one else knows about it. Couple that with the fact that Windows has some ports open as a default that you may miss when you close other ports and you have the potential for an exploit. The firewall helps mitigate that problem by acting as a sentry over the network connection.
Additionally, there are ways to get a response from certain systems by "faking" an existing connection. If you can generate a response then you know that the system has processed the fake request. It is therefore possible that you can exploit the system while it processes that fake request.
Lastly, you could be used as a Reflected Distributed Denial of Service drone without you knowing it. If I want to attack computer A but don't want computer A to know who is attacking him, I can ping computer B (yours) with a crafted ICMP Echo Request that claims to have come from Computer A. Your computer will respond with an ICMP Echo Reply..... But it will send it to computer B. If I send 100 Echo Requests from your computer that is 100 packets that computer A has to process. If I have 100 computers sending 100 Echo Replies to computer A then there are 10,000 packets computer A has to process..... After that just do the math. Your firewall will simply drop the packets and therefore you would be unusable in the RDDoS.
That's just a couple of examples.... there are lots more..... and the bad guys are coming up with new ones daily.
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
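The netstat -a -n check from the original question, and the point in this reply that Windows leaves some ports open by default, can be turned into a small audit script. This is an added example, not code from anyone in the thread; the netstat output it parses is a constructed sample in Windows format (Linux "LISTEN" is also accepted), and the allow list is whatever you decide should be reachable.

```python
import re
from typing import NamedTuple

# Constructed sample of `netstat -a -n` output as printed on Windows (not captured from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.168.1.5:1041       203.0.113.10:80        ESTABLISHED
  UDP    0.0.0.0:137            *:*
  UDP    127.0.0.1:1900         *:*
"""


class Listener(NamedTuple):
    proto: str
    addr: str
    port: int


# One netstat row: proto, local addr:port, foreign addr:port, optional state (UDP rows have none).
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$", re.I)


def parse_listeners(text):
    """Return sockets that accept inbound traffic: TCP in LISTEN/LISTENING, or any bound UDP socket."""
    found = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # banner, column header, blank line
        proto, addr, port, _foreign, state = m.groups()
        proto = proto.upper()
        if proto == "TCP" and (state or "").upper() not in ("LISTEN", "LISTENING"):
            continue  # established/closing TCP sessions are not listeners
        found.append(Listener(proto, addr, int(port)))
    return found


def is_loopback(addr):
    """Loopback-only bindings are not reachable from the network."""
    return addr.startswith("127.") or addr in ("::1", "[::1]")


def exposed_listeners(text, allowed=frozenset()):
    """Listeners reachable from the network and not on the (proto, port) allow list."""
    return [l for l in parse_listeners(text)
            if not is_loopback(l.addr) and (l.proto, l.port) not in allowed]
```

Run it against the output of a real `netstat -a -n` and every entry it prints is a service answering the network whether or not you remembered opening it, which is exactly the gap the reply above says a firewall covers.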
August 6th, 2003, 03:40 PM
I think the analogy of having a security system fits well here. Ports are synonymous with doors. Just because a door is locked doesn't mean the bad guy can't get in. But having a security system (firewall) really makes it even harder for the bad guy to achieve his/her objective.
If you have never been compromised, then you will never understand the feeling of being violated. Firewalls are a must, especially if you are using MS products.