-
April 20th, 2004, 06:24 AM
#1
Junior Member
Firewall question..
A friend of mine never used a firewall (till last week) .. and for the past 2 years, his computer has been online all day (cable). I convinced him to use a firewall. But before the install, I checked his "status" on GRC. Only half of his ports were stealth, many were open. We use the same isp and there's kids scanning all the time. My question is, how come noone ever hacked his machine? I almost feel stupid for the time spent fine tuning my firewall.
merci!
-
April 20th, 2004, 06:53 AM
#2
You could just put it down to luck.
Now that's really amazing not having a firewall and never getting bitten.
Just look at me, one of my boxes is running a fully unpatched version on win 95, no AV no Firewall, and it's getting bitten all the time.
So far it's been hacked, used as a Zombie, some dude even managed to run a Warez site from it.
So i think that your friend is fruiting lucky that something drastic didn't happen to he's box.
I hope that he was at least using an AV and some kind of Adaware program...
cheers
front2back:.
-
April 20th, 2004, 07:04 AM
#3
I would suggest Fine tuning the configuration of the OS, GRC is BS. Home users who get hacked are in the wrong place at the wrong time, and they are usually abused for their connection speed. Who knows?
-
April 20th, 2004, 07:11 AM
#4
Junior Member
the firewall is the right solution, just go ahead...
Beware of security guys!
-
April 20th, 2004, 07:30 AM
#5
Originally posted here by Wesam
the firewall is the right solution, just go ahead...
A direct,objective question why?
-
April 20th, 2004, 01:10 PM
#6
Imitation: Why?
Really rather simple....... If you are thinking that a quick scan with GRC is your assurance that the computer isn't already "cracked" I would say that you could be gravely mistaken, (think connection shovelling). Just because a computer isn't listening on a port doesn't mean that nothing bad is going on with it. Then, the phrase used was "Only half of his ports were stealth, many were open"..... GRC didn't identify the process that was holding the port open did it? It stated that the port is usually opened by xxxxxx service. But it didn't prove that it was. Furthermore, just because, (for example), IIS is holding open port 80 doesn't mean that the IIS process has not been subverted with additional code in a hidden thread or worse yet the entire process is subverted making it nearly impossible to determine that something is, in fact, wrong.
Placing a firewall with ingress _and_ egress filters between the processes and the public network will quickly and cheaply tell you if there is a reason for concern. Yes, I know.... The process could be shut down by the infection itself and that's why the process itself needs to be monitored unless, of course, the firewall is a remote device.
To be honest, I would recommend a complete takedown of the box and reinstall from trusted media, firewall it up, patch it fully, grab a free AV, Winpatrol, Ad-aware, Spybot and The Cleaner, (while you are at it), and move on.
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
-
April 21st, 2004, 04:06 AM
#7
*psst...* I think he was trying to get wesam to explain himself...
-
April 21st, 2004, 05:42 AM
#8
.:front2back:. what kind of connection did you have on that win95?? dsl/cable or just regular 56k?
***EDIT***
Damn Im stupid, its obviously dsl/cable if someone managed to host a site off of it right?? I wish I would think a little more often
-
April 21st, 2004, 07:38 PM
#9
Junior Member
Tks for the info, learned alot!
modan
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|