dcsimg
Page 4 of 5 FirstFirst ... 2345 LastLast
Results 31 to 40 of 47

Thread: the nessessity of a firewall?

  1. #31
    Ahh, do not confuse NetBios with RPC my friend.
    Then I mean the same ports NetBIOS uses can be blocked by disabling netBIOS. So I never have to disable DCOM, and I never had to cripple anything. I disabled netBIOS, a feature I do not use, and thus ports 135 - 139 were shut down completely without any loss of configurations or computer services.

    Editing the origonal post wouldn't let me upload a picture, so here is what I am talking about for the NetBIOS configuration and disabling ports 135 - 139

  2. #32
    (I wish more than one attachment could be done per post)

    This is a screenshot of Sysgate preforming a TCP scan on me, with NetBIOS disabled. Notice nothing is open except port 80 (my apache server). Notice 135 -139 are all closed. With NetBIOS enabled, it would be causing that DCOM bug to go to hell, but manually disabling it preforms the same function a firewall would do blindly for you.

  3. #33
    Wow!! Nice discussion. Let me through my 2 cents worth in.

    Why do you think a home user should work behind a firewall if closing ports and disabling services preforms the exact same functions?
    This was the original question. My answer is your average user doesn't know what the heck a port or service is. Thats a bad assumption that most of the experienced folks make. The average user doesn't know what they need or when they need it. This is the very reason why M$ is an empire. Their marketing people understood this about the average group of people who would potentially use a computer and understood how vulnerable they are.

    So the linksys and netgear's of the world are making a mark in the home networking market selling SOHO equipment at reasonable prices. They should thank M$ for this.

    How many of you guys remember the green screens, the Wyse 50 terminals, the amber screens? Didn't have to worry about your terminal being infected did ya?

    With M$ being so widely used and also having an OS that is the most likely to be exploited, firewalls nowadays MUST.
    - Boyam


  4. #34
    I can agree with that For the general public, they are a must. But it somehow turned from a "general public" to "why should I if..?"

    Your points on MS and their stradegy are completely correct in my eyes, and thus why I give them a firm nod of thanks. Although I've never used an amber or green screen.... commodor 64 days?

    Now then, I'm about to head to work, so here is what I would like to happen for this thread. We have been discussing back and forth about "a firewall blocks this!" and "So does just turning it off!" that it is time to put all cards on the table. If everyone here feels that a firewall is the new pink, then it is time to test it!

    My IP can be given via PM if you wish to participate in a "proof of concept attack" against me. Also, if you feel that I could be lying about the IP, feel free to have a moderator double check my given IP with the one's I am posting with.

    I am hosting Windows XP Pro. I have it secured like always from top to bottom, without using any sort of filtering device or firewall. I, Michael Goddard, give full permission for all members of the AntiOnline forums to preform what they will against my machine in order for me to evaulate future security needs as well as a proof-of-concept tool. Any means may be used, including but not limited to: DoS (to test OS hardening against attacks), port exploiting, server exploiting. All events that happen to my IP (as listed above) are of my own fault, and I will not place any responcibility for the actions I have asked to happen.

    Let's prove this people. Now then, I'm off to work So have fun!

  5. #35
    Member
    Join Date
    Aug 2001
    Posts
    90

    Thumbs up

    Just a question really:

    What exactly are you asking right now? It started with you enquiring whether the general home user (like Joe Public heh heh) needs a firewall. We then established that they do, on a general level. I believe three or four posts back you agreed too. Now whats the issue? Are you asking whether you, or someone like you ( an admin, or someone with exceptional control over the OS ) needs a firewall too? Because that sort of shifts the discussion. Everyone is still trying to prove the 'Home Users' point.

    I actually would kind of agree with pooh. What a firewall does, is exactly what pooh has done. Basically, a firewall blocks ( or stealths.. ya know ) the ports you don't need. Other features are included too, but thats basically what it does at it's core ( or am I mistaken? ) far as I can see, he is using Novels approach, and "Closing everything, except what needs to be open".

    Just as firewalls aren't 100% secure, neither is his method. But it's working for him, and working well I see. Future exploits are an issue with both firewalls, AND what he is doing.

    It is way too difficult for a normal user to actually study and research the detailed workings of any service, or bit of software he/she downloads. On a general scale, it's just not feasible. But on a personal level, it seems to be working for him. With everything closed except ports he is fully aware of, and with him denying entry to anything that can potentially open a port on his machine.. where is the issue? Ah, there is the off-chance that he doesn't fully understand something he downloads, and runs.. that MIGHT JUST open a port ( human, after all ). In this case, a firewall would notify him of the opened port, and the program/process attempting to establish the connection. A plus point? I think so. ( Though I'm sure he'd be monitoring his ports )

    Our man here is just doing manually what can be done automatically by a piece of software ( host-based firewalls essentially ARE just a piece of software ). Only thing is, why do it yourself when you can just as well let an automated bit of code do it for you. And efficiently at that.

    All I'm saying here pooh , is that while you're method seems to be working fine.. there always is the chance of human error. Yet, on the flipside computers are not infalliable, and no way intelligent. Something could just as easily slip by them.

    IF you're looking for a decent firewall, you could always compare them and pick the best. Like v_Ln, and MsMittens said, whats wrong with making it tougher?

    http://www.securityfocus.com/infocus/1750
    (This link was posted somewhere else on this forum.. don't remember where exactly)

    I don't know if I added anything to this discussion, but it's late here. And I've got the graveyard shift :/

    Cheers.

    Edit: I type too slow. heh.
    I blame you cos my mind is not my own, so don't blame me if I trespass in your zone!

  6. #36
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Please do not post IP addresses. It may well be yours but the reality is the members have no way of knowing. In addition, it could easily encourage others to use this as a way of social engineering an attack against some hapless soul. If you feel inclined to be "probed and prodded" PM specific members, still at your risk, and have them publish the results -- sans IP address -- here.

    This is done for the safety and education of all members. I have PM'd you but also want to warn members against this kind of thing. It's really easy to become victim of a SE (or con job) because someone sounds intelligent or what-have-you (I'm not saying that's what you're doing,Pooh, but making members think about this before doing anything).
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  7. #37
    Originally posted here by RejectKnowledge
    [B]Just a question really:

    What exactly are you asking right now? It started with you enquiring whether the general home user (like Joe Public heh heh) needs a firewall. We then established that they do, on a general level. I believe three or four posts back you agreed too. Now whats the issue? Are you asking whether you, or someone like you ( an admin, or someone with exceptional control over the OS ) needs a firewall too? Because that sort of shifts the discussion. Everyone is still trying to prove the 'Home Users' point.

    This is completely correct! I agree that normal home users should have a firewall, as they won't spend time learning. That's fine, of course. It switched when I started asking about the situation if someone could secure it, after all. Thus here we are, discussing it in terms of actual admins versus users. Why people keep mentioning home users after I agreed on page one, is beyond me


    All I'm saying here pooh , is that while you're method seems to be working fine.. there always is the chance of human error. Yet, on the flipside computers are not infalliable, and no way intelligent. Something could just as easily slip by them. IF you're looking for a decent firewall, you could always compare them and pick the best. Like v_Ln, and MsMittens said, whats wrong with making it tougher?
    I agree here again, 100% I know I will make a mistake one day and download something ridiculous, so let's just say I'm still running off of a clean slate _for now_ at least. I also completely agree with MsM and have since decided on a good firewall for me. I think my main beef was that, far too many new age admins are swearing by firewalls but never taking the time to find out why the firewall is actually needed, resulting in almost all of the security job's I've taken. I can see though, after making this large thread, that.. oh why the hell not have a firewall? If you understand both just as well, instead of just a firewall or just OS configurations, then you have mastered security to the current point in the computer world. On a side note, that firewall I found won't be going up until the proof of concept I posted is complete.


    I don't know if I added anything to this discussion, but it's late here. And I've got the graveyard shift :/
    Trade you shifts!! Mee! Meee! And thanks for your reply


    EDIT: MsMitten, my apologies for posting an IP, and I can assure you it will not happen again. IP was removed from post and a different statement instead. Good to see the moderators jump up on it thougg!

  8. #38
    Senior Member Maestr0's Avatar
    Join Date
    May 2003
    Posts
    604
    In an ironic twist of fate, the reason why you do not see port 135 as open is because most likely your ISP has blocked it at the firewall. Disabling NetBios does NOT disable port 135 which is RPC/DCOM and not NetBios. Imagine your chargrin if someone on your local ISP segment rooted you with a DCOM exploit. Hope your box is patched up.
    Try running Nmap on yourself.


    -Maestr0

    As far as discussing why admins swear by them, as I said when firewalling a network its a whole new ballgame. I think TigerShark brought up the point that there are many services and networking capabilities that you WANT on your network, you just dont want EVERYONE to be able to access these. I'd rather block NetBios at the perimeter than try and make sure every one of my hundreds of users has it switched off, besides I like NetBios.
    \"If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software.\" -Jaron Lanier

  9. #39
    Senior Member
    Join Date
    Aug 2001
    Posts
    356
    Here is my two cents on the subject...

    I cannot tell you how many times someone has used a friends computer.. Next thing you know there is a trojan on the computer that opened a port letting the whole world connect. Something as simple as having Zone Alarm installed would at least pop up a notifcation saying the program was trying to access the internet.

    I think it is very important to have a firewall. Whether it is necessary or not doesn't matter. Knowing their is one more barrier up is good enough for me.

    Statistics are also a good reason to have a firewall. You can view exactly what is going on. You can see attempts to hack your computer, and where they come from.

    You sound like you know what you are doing. It's a good thing that you blocked all those ports. But I am a firm believer in the more security, the better.
    An Ounce of Prevention is Worth a Pound of Cure...
     

  10. #40
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Pooh, as I'm scanning your computer and getting interesting results it has occurred to me yet another reason as to why to add a firewall to your system, even if you do "harden" it: how do you know that other admins are doing their part of the job online? Somewhere in this discussion you mention how your ISP filters 135 (you'll notice from the first UDP scan that 136/UDP was filtered but not 135/UDP -- TCP variants are still pending). Given this initial result it made me think: what if the ISP did a typo and put 136 rather than 135. You are depending -- in a small way -- on their admin being up to snuff.

    Even if it's not related directly to you, wouldn't it make sense to have that extra protection in case someone else moof's it?
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •