Results 1 to 9 of 9

Thread: Firewall question..

  1. #1
    Junior Member
    Join Date
    Apr 2004

    Firewall question..

    A friend of mine never used a firewall (till last week) .. and for the past 2 years, his computer has been online all day (cable). I convinced him to use a firewall. But before the install, I checked his "status" on GRC. Only half of his ports were stealth, many were open. We use the same isp and there's kids scanning all the time. My question is, how come noone ever hacked his machine? I almost feel stupid for the time spent fine tuning my firewall.

  2. #2
    You could just put it down to luck.
    Now that's really amazing not having a firewall and never getting bitten.
    Just look at me, one of my boxes is running a fully unpatched version on win 95, no AV no Firewall, and it's getting bitten all the time.
    So far it's been hacked, used as a Zombie, some dude even managed to run a Warez site from it.
    So i think that your friend is fruiting lucky that something drastic didn't happen to he's box.
    I hope that he was at least using an AV and some kind of Adaware program...


  3. #3
    I would suggest Fine tuning the configuration of the OS, GRC is BS. Home users who get hacked are in the wrong place at the wrong time, and they are usually abused for their connection speed. Who knows?

  4. #4
    Junior Member
    Join Date
    Dec 2003
    the firewall is the right solution, just go ahead...
    Beware of security guys!

  5. #5
    Originally posted here by Wesam
    the firewall is the right solution, just go ahead...
    A direct,objective question why?

  6. #6
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Imitation: Why?

    Really rather simple....... If you are thinking that a quick scan with GRC is your assurance that the computer isn't already "cracked" I would say that you could be gravely mistaken, (think connection shovelling). Just because a computer isn't listening on a port doesn't mean that nothing bad is going on with it. Then, the phrase used was "Only half of his ports were stealth, many were open"..... GRC didn't identify the process that was holding the port open did it? It stated that the port is usually opened by xxxxxx service. But it didn't prove that it was. Furthermore, just because, (for example), IIS is holding open port 80 doesn't mean that the IIS process has not been subverted with additional code in a hidden thread or worse yet the entire process is subverted making it nearly impossible to determine that something is, in fact, wrong.

    Placing a firewall with ingress _and_ egress filters between the processes and the public network will quickly and cheaply tell you if there is a reason for concern. Yes, I know.... The process could be shut down by the infection itself and that's why the process itself needs to be monitored unless, of course, the firewall is a remote device.

    To be honest, I would recommend a complete takedown of the box and reinstall from trusted media, firewall it up, patch it fully, grab a free AV, Winpatrol, Ad-aware, Spybot and The Cleaner, (while you are at it), and move on.
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  7. #7
    Senior Member
    Join Date
    Apr 2004
    *psst...* I think he was trying to get wesam to explain himself...

  8. #8
    Join Date
    Apr 2004
    .:front2back:. what kind of connection did you have on that win95?? dsl/cable or just regular 56k?

    Damn Im stupid, its obviously dsl/cable if someone managed to host a site off of it right?? I wish I would think a little more often
    I am the uber duck!!1
    Proxy Tools

  9. #9
    Junior Member
    Join Date
    Apr 2004
    Tks for the info, learned alot!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts