Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Security > Firewall ???

Reply
Thread Tools

Firewall ???

 
 
claudel
Guest
Posts: n/a
 
      10-19-2004
In article <Xns95879A4519FDnothanks@65.32.5.122>,
prettygirl <(E-Mail Removed)> wrote:
>(E-Mail Removed) (claudel) wrote in news:ckvf0b$71v$1
>@bolt.sonic.net:
>
>>>"prettygirl" <(E-Mail Removed)> wrote in message
>>>news:Xns9581CA74CE486nothanks@65.32.5.122...
>>> Windows98
>>> Roadrunner cable subscriber
>>> All MS Windows patches installed
>>> AV program up to date
>>> TCP/IP bindings secure
>>> Netbios over TCP/IP disabled
>>>
>>> So why do I need to run a firewall?

>>
>> Why do you need a door with a secure lock on your home?
>>
>>
>> Claude
>>
>>
>>

>
>But my "home" has no doors.


Well, there ya go.

You probably don't need a firewall either.



Claude
 
Reply With Quote
 
 
 
 
\Crash\ Dummy
Guest
Posts: n/a
 
      10-19-2004
>Windows98
>Roadrunner cable subscriber
>All MS Windows patches installed
>AV program up to date
>TCP/IP bindings secure
>Netbios over TCP/IP disabled


>So why do I need to run a firewall?


I will try to give you a straight answer, although I expect to get jumped on by
all the resident security experts. If your system is as described, you should
have no open ports. You can verify this by opening a DOS box and running
netstat:

C:\windows\netstat -an

If the result shows

Active Connections

Proto Local Address Foreign Address State

with no entries, then all your ports are closed. If all your ports are closed,
you don't need a firewall to defend against external attacks. You may, however,
want a firewall to monitor traffic or control applications. Among other things,
it can spot programs that include spyware. It is also a great learning tool for
understanding how the internet works. I recommend that you get one, even if you
can live without it.
--
Dave "Crash" Dummy - A weapon of mass destruction
http://www.velocityreviews.com/forums/(E-Mail Removed)?subject=Techtalk (Do not alter!)
http://lists.gpick.com


 
Reply With Quote
 
 
 
 
Nicholas Albright
Guest
Posts: n/a
 
      10-19-2004
On Mon, 18 Oct 2004 23:33:24 -0400, "Crash" Dummy wrote:

>>And, even if your (rash and presumptuous) premise is true, that
>>only means that one avenue to cracking the system is closed -
>>there may be many others!

>
> Well, y'all go ahead and crack them computers. I don't feel like arguing the
> point any more.


Actually, you are both right. The ports are all 'closed' because there are
no services running on them at the time; therefore the system is 'secure'
right now. As far as we know the risk of data theft is low. However, a
trojan can be installed at a later date, which is where a firewall helps.
A firewall acts like a body guard to help block these trojans from being
used by the remote attacker.

Remember the myth about firewalls being a catch all and protecting from
EVERY hack attempt is just that, a myth. There are other methods of entry,
but most are not commonly referred to as 'hacking' (atleast not by the
media).

My advice, the more protection you have, the better off you are. Firewalls
such as Kerio and Sygate are easy to use and free. There is no logical
reason to NOT take advantage of them.

Firewalls could help protect others from YOU as well. Think about this, if
you get a worm (spreads by making connections to other computers), you
would pass this worm too; a firewall may keep you from doing this.

I hope you consider trying one out.

Nicholas.

 
Reply With Quote
 
prettygirl
Guest
Posts: n/a
 
      10-19-2004
"\"Crash\" Dummy" <(E-Mail Removed)> wrote in
news:(E-Mail Removed):

>>Windows98
>>Roadrunner cable subscriber
>>All MS Windows patches installed
>>AV program up to date
>>TCP/IP bindings secure
>>Netbios over TCP/IP disabled

>
>>So why do I need to run a firewall?

>
> I will try to give you a straight answer, although I expect to get
> jumped on by all the resident security experts. If your system is as
> described, you should have no open ports. You can verify this by
> opening a DOS box and running netstat:
>
> C:\windows\netstat -an
>
> If the result shows
>
> Active Connections
>
> Proto Local Address Foreign Address State
>
> with no entries, then all your ports are closed. If all your ports are
> closed, you don't need a firewall to defend against external attacks.
> You may, however, want a firewall to monitor traffic or control
> applications. Among other things, it can spot programs that include
> spyware. It is also a great learning tool for understanding how the
> internet works. I recommend that you get one, even if you can live
> without it.




Microsoft(R) Windows 98
(C)Copyright Microsoft Corp 1981-1999.

C:\WINDOWS>netstat -an

Active Connections

Proto Local Address Foreign Address State

C:\WINDOWS>



 
Reply With Quote
 
Nicholas Albright
Guest
Posts: n/a
 
      10-19-2004
On Tue, 19 Oct 2004 18:34:43 -0400, "Crash" Dummy wrote:

> C:\windows\netstat -an
>
>...
>...
> I recommend that you get one, even if you can live without it.


I agree, and just for kicks I installed Windows 2k (VMware under linux)
with a default install, no AV and no firewall. It is
running SP4. (I don't have windows 98 here.) My nmap (port scan
from linux) results:

Initiating Connect() Scan against 172.16.100.128 at 17:26
open port 1025/tcp
open port 21/tcp
open port 1032/tcp
open port 13/tcp
open port 7/tcp
open port 25/tcp
open port 135/tcp
open port 9/tcp
open port 443/tcp
open port 19/tcp
open port 17/tcp
open port 445/tcp
open port 80/tcp
open port 139/tcp
The Connect() Scan took 28 seconds to scan 65535 ports.

Some of these ports are more dangerous then others. Protect yourself, run
the firewall.

Nicholas.
 
Reply With Quote
 
\Crash\ Dummy
Guest
Posts: n/a
 
      10-20-2004
>I hope you consider trying one out.

You are preaching to the choir. I use a firewall and have for years. I never
advocated not using one. I just want to separate the myths from reality.
--
Dave "Crash" Dummy - A weapon of mass destruction
(E-Mail Removed)?subject=Techtalk (Do not alter!)
http://lists.gpick.com


 
Reply With Quote
 
nemo outis
Guest
Posts: n/a
 
      10-20-2004
In article <(E-Mail Removed) >, Nicholas Albright <(E-Mail Removed)> wrote:
>On Tue, 19 Oct 2004 18:34:43 -0400, "Crash" Dummy wrote:


>
>Some of these ports are more dangerous then others. Protect yourself, run
>the firewall.
>
>Nicholas.


Yup, and even a firewall is not enough. The prudent will always
put a hardware router out front as the first line of defence.
NAT as a minimum, stateful packet inspection and all the other
bells and whistles also desirable.

Regards

 
Reply With Quote
 
\Crash\ Dummy
Guest
Posts: n/a
 
      10-20-2004
>I agree, and just for kicks I installed Windows 2k (VMware under linux)
>with a default install, no AV and no firewall. It is
>running SP4. (I don't have windows 98 here.) My nmap (port scan
>from linux) results:


Interesting. I also run W2K, and I have never seen all those servers installed
with a "default install." The only thing I saw with a default install were RPC
(135), NetBIOS (137-139), and Windows messenger (445). I had to specify the HTTP
server (80, 443) and the FTP server (21). 1025 is also used by inetinfo, but I
don't know by which service. I never installed a SMTP server (25), or any of the
others, and those ports were never in service (open). Are you running W2K
Server, or W2K Pro?
--
Dave "Crash" Dummy - A weapon of mass destruction
(E-Mail Removed)?subject=Techtalk (Do not alter!)
http://lists.gpick.com



 
Reply With Quote
 
Nicholas Albright
Guest
Posts: n/a
 
      10-20-2004
On Tue, 19 Oct 2004 21:33:18 -0400, "Crash" Dummy wrote:

> Are you running W2K Server, or W2K Pro?


Sorry, here was my install:

VMware configured with NAT/routing (notice the 172 ip address
instead of 192 or 10) Under Linux kernel 2.6

Windows 2000 Pro with SP4 already on the CD - Install disk for work
station at the office.

I simply hit "default install, format and install all"
and pressed enter through the whole install.

I did so just as I assumed several new users would.

I was successfully able to telnet to several of the ports.
Each time I was prompted with the connect message and Escape Code is ^].

When using a web browser I got a 404 'under construction' message under
HTTP, however using an FTP client (in my case commandline) I was able to
login as anonymous / (E-Mail Removed) with no privs to write files or create
directories. I did not try to 'crack' into the services, since I had to
borrow this install from work I deleted it right after I ran the
nmap/telnet checks. I'd guess I could have logged on with my user
name/password and uploaded files. If I knew where the http service
directory was (\www maybe?) I could have created a nifty but fairly plain
webpage.

Interesting enough though, I do legally own a copy of Windows XP (ugg) and
installed that, pre loaded with SP1. No upgrades, same defaults. This time
ports:

1025, 445 and 135 were open.

Go figure.

Nicholas.









 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Is Cisco PIX Application level firewall or Packet level firewall? Learning Cisco Cisco 3 10-15-2005 12:55 AM
Increasing data transfer on a firewall to firewall vpn connection providencebuddy@yahoo.com Cisco 1 06-14-2005 10:20 PM
Connecting to a PIX firewall using cisco VPM client though a Linksys WAG54G with eth firewall enabled Phil Cisco 1 12-11-2004 12:30 PM
RMI client behind a firewall, server behind a firewall too Robert Dodier Java 6 09-14-2004 09:23 PM
Firewall and Norton Firewall Mark Wilson Computer Support 0 11-05-2003 06:35 AM



Advertisments