Velocity Reviews - Computer Hardware Reviews

firewall dialog - limited understanding

 
 
Simon Pleasants
      06-06-2004
I get firewall warning messages about UDP datagrams, ICMP packets, etc.

I don't understand what they mean, so I habitually deny them access and
create rules to prevent further access.

But I'm aware that this practice may not always be a good idea.

I can't be bothered learning all the poota-geek language -- I just want to
be told whether the things I get warnings about are good things or bad
things.

Where can I go to find out?

Nowhere that requires me to take a degree in poota science first.


 
Nihil
      06-06-2004
On Sun, 6 Jun 2004 16:28:18 +1200, Simon Pleasants wrote:

> I get firewall warning messages about UDP datagrams, ICMP packets, etc.
>
> I don't understand what they mean,


The best way to learn is to do your own reading and research.

To get you started here is a very brief introduction to the TCP/IP system.

Networking protocols are normally developed in layers, each layer
responsible for a different facet of communications. TCP/IP is normally
considered to be a 4-layer system (the ISO OSI is a 7-layer system).

4  Application   FTP, Telnet, SMTP, etc...
        |
3  Transport     TCP, UDP
        |
2  Network       IP, (ICMP, IGMP)
        |
1  Link          Network hardware and device driver

1) Link Layer: (data link, network interface) This is where the device
driver of the NIC resides. All the hardware details are handled here.

2) Network Layer: (internet layer) Handles the movement and routing of
packets around the network. IP is considered 'unreliable'.

3) Transport Layer: Provides the flow of data between the two parties, for
the application layer above. TCP is considered 'reliable', while UDP is
not. TCP is connection-oriented, maintaining state information, etc.
UDP is connectionless.

4) Application Layer: Handles all the details of the particular
application.

Happy researching.


--
....check out the nametag.. you're in MY world now grandma...
 
Patrick Dunford
      06-06-2004
In article <J3xwc.1070$(E-Mail Removed)>, (E-Mail Removed) says...
> I get firewall warning messages about UDP datagrams, ICMP packets, etc.
>
> I don't understand what they mean, so I habitually deny them access and
> create rules to prevent further access.
>
> But I'm aware that this practice may not always be a good idea.


If it doesn't stop you from using the net then it is OK basically.

I have all the warnings in ZA set to silent, I don't need to know what
idiot is trying to hack into my PC, if they don't get in.
 
Chris Wilkinson
      06-07-2004
Hi there,

Simon Pleasants wrote:
> I get firewall warning messages about UDP datagrams, ICMP packets, etc.
>
> I don't understand what they mean, so I habitually deny them access and
> create rules to prevent further access.
>
> But I'm aware that this practice may not always be a good idea.


Don't believe that. If you stealth *everything*, then nothing can get
thru uninitiated. Surely the best defence in my opinion...

> I can't be bothered learning all the poota-geek language -- I just want to
> be told whether the things I get warnings about are good things or bad
> things.


You should be stealthing everything that comes in, unless your firewall
knows that it came in from an IP address that you had sent something to
first...

--
Kind regards,

Chris Wilkinson, Christchurch, New Zealand.
Canterbury Horse Taxis. http://www.horsetaxis.co.nz/
Remove spamblocker to send replies direct to my email...

 
Dave Taylor
      06-08-2004
"Simon Pleasants" <(E-Mail Removed)> wrote in news:J3xwc.1070$(E-Mail Removed):

> Where can I go to find out?
>
> Nowhere that requires me to take a degree in poota science first.
>
>
>


Try this place and run the shields up scan against your IP.
http://www.grc.com/

Ciao, Dave
 
Route
      06-09-2004
On Mon, 07 Jun 2004 21:30:54 +0100, Chris Wilkinson wrote:

> Hi there,
>
> Simon Pleasants wrote:
>> I get firewall warning messages about UDP datagrams, ICMP packets, etc.
>>
>> I don't understand what they mean, so I habitually deny them access and
>> create rules to prevent further access.
>>
>> But I'm aware that this practice may not always be a good idea.

>
> Don't believe that. If you stealth *everything*, then nothing can get
> thru uninitiated. Surely the best defence in my opinion...


The often used term "Stealth" is a load of rubbish. All that happens is that
the firewall throws away incoming packets and does not respond at all, but
usually you don't want that. Contrary to some of the hype, it is usually
better to return an error than nothing at all, because the error will at
least cause port scanners to move on to the next port, so the attack will
be over more quickly. If a firewall returns nothing then the scanner
assumes that a packet was lost and tries again, prolonging the attack. In
both cases the amount of information an attacker gets at the end is the
same, but with errors at least there is less of a load on the connection.

BTW don't put your faith in these web based free security checkers either.
One of them claimed that my firewall was using "the latest stealthing
techniques" and is extremely secure. But I had no "stealthing techniques".
The reason that this online security tester did not see error responses
from my computer was due to a simple programming error in their script.
Apparently whoever wrote the script was not very experienced in socket
programming, and did not know that for all BSD derived stacks a UDP socket
has to be connect()ed in order to receive socket errors. Personally I would
not trust a company to write a firewall for me if they don't even know
these basic things.

-- Route
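
The socket behaviour described in the post above, as an added example that is not part of the original post: one datagram is sent to a closed UDP port from a connect()ed socket and from an unconnected one, and only the connected socket sees the error. The names `closed_udp_port` and `probe` are hypothetical; the code assumes a Linux or BSD-derived host with a working loopback interface and only ever talks to 127.0.0.1.

```python
import socket

LOOPBACK = "127.0.0.1"  # assumption: the example only ever talks to this host


def closed_udp_port():
    """Bind an ephemeral UDP port, note its number, then release it so nothing listens there."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind((LOOPBACK, 0))
        return s.getsockname()[1]


def probe(port, connected, timeout=1.0):
    """Send one datagram and report what a checker built this way would conclude.

    'refused' : the ICMP port-unreachable error was delivered to the socket
    'silent'  : nothing arrived before the timeout (looks like a dropped packet)
    'reply'   : something answered on that port
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            if connected:
                s.connect((LOOPBACK, port))  # ties the socket to a single peer
                s.send(b"probe")
            else:
                s.sendto(b"probe", (LOOPBACK, port))
            s.recvfrom(1024)
            return "reply"
        except ConnectionRefusedError:
            # The kernel matched the ICMP error to this connected socket.
            return "refused"
        except socket.timeout:
            # An unconnected socket is not handed the error, so the read just times out.
            return "silent"


if __name__ == "__main__":
    port = closed_udp_port()
    print("connected socket:  ", probe(port, connected=True))
    print("unconnected socket:", probe(port, connected=False))
```

The host answers both probes identically; the "silent" result from the unconnected socket is the reading a checker written that way would report as stealth.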
 
Route
      06-11-2004
On Fri, 11 Jun 2004 19:51:33 +0100, Chris Wilkinson wrote:

>>>Don't believe that. If you stealth *everything*, then nothing can get
>>>thru uninitiated. Surely the best defence in my opinion...

>>
>>
>> The often used term "Stealth" is a load of rubbish. All that happens is that
>> the firewall throws away incoming packets and does not respond at all, but
>> usually you don't want that. Contrary to some of the hype, it is usually
>> better to return an error than nothing at all

>
> Returning an error returns an IP address does it not?


Yes.

> Based on that I'd rather use so-called 'stealthing'...


I'm afraid there really is no advantage in doing that and the practice may
cause technical problems with normal tcp/ip services.

>> BTW don't put your faith in these web based free security checkers either.
>> One of them claimed that my firewall was using "the latest stealthing
>> techniques" and is extremely secure.

>
> I don't put my faith in them. I put my faith in Linux,


A very naive statement. I don't put my faith in any operating system.

--
....check out the nametag.. you're in MY world now grandma...
 
Chris Wilkinson
      06-11-2004
Hi there,

Route wrote:
> On Mon, 07 Jun 2004 21:30:54 +0100, Chris Wilkinson wrote:
>
>
>>Hi there,
>>
>>Simon Pleasants wrote:
>>
>>>I get firewall warning messages about UDP datagrams, ICMP packets, etc.
>>>
>>>I don't understand what they mean, so I habitually deny them access and
>>>create rules to prevent further access.
>>>
>>>But I'm aware that this practice may not always be a good idea.

>>
>>Don't believe that. If you stealth *everything*, then nothing can get
>>thru uninitiated. Surely the best defence in my opinion...

>
>
> The often used term "Stealth" is a load of rubbish. All that happens is that
> the firewall throws away incoming packets and does not respond at all, but
> usually you don't want that. Contrary to some of the hype, it is usually
> better to return an error than nothing at all


Returning an error returns an IP address does it not? Based on that I'd
rather use so-called 'stealthing'...

> BTW don't put your faith in these web based free security checkers either.
> One of them claimed that my firewall was using "the latest stealthing
> techniques" and is extremely secure.


I don't put my faith in them. I put my faith in Linux, which has not
seen an infection in 18 months I've been online with it...

I have seen plenty of port hits from Win based virii however...all of
which have been ignored, and usually cease after a second or two...

--
Kind regards,

Chris Wilkinson, Christchurch, New Zealand.
Canterbury Horse Taxis. http://www.horsetaxis.co.nz/
Remove spamblocker to send replies direct to my email...

 
Randor
      06-13-2004
On Fri, 11 Jun 2004 19:51:33 +0100, Chris Wilkinson
<(E-Mail Removed)> wrote:

>
>I don't put my faith in them. I put my faith in Linux, which has not
>seen an infection in 18 months I've been online with it...


But it has been regularly updated, has it not?

 
Chris Wilkinson
      06-17-2004
Hi there,

Route wrote:
> On Fri, 11 Jun 2004 19:51:33 +0100, Chris Wilkinson wrote:
>
>
>>>>Don't believe that. If you stealth *everything*, then nothing can get
>>>>thru uninitiated. Surely the best defence in my opinion...
>>>
>>>
>>>The often used term "Stealth" is a load of rubbish. All that happens is that
>>>the firewall throws away incoming packets and does not respond at all, but
>>>usually you don't want that. Contrary to some of the hype, it is usually
>>>better to return an error than nothing at all

>>
>>Returning an error returns an IP address does it not?

>
> Yes.
>
>>Based on that I'd rather use so-called 'stealthing'...

>
> I'm afraid there really is no advantage in doing that and the practice may
> cause technical problems with normal tcp/ip services.


The advantage I see is that your machine categorically refuses to send
anything back to the originator...random IP pings that don't hit a
target will cause just as many TCP/IP service issues, so why is it
considered different to be ignoring any port hits?

>>>BTW don't put your faith in these web based free security checkers either.
>>>One of them claimed that my firewall was using "the latest stealthing
>>>techniques" and is extremely secure.

>>
>>I don't put my faith in them. I put my faith in Linux,

>
> A very naive statement. I don't put my faith in any operating system.


Let's both remove our firewalls...who will still be running at 100%
by the end of the night? Not you...if you cannot accept that by far
the bulk of port hits and scans from virii etc are designated for
Windows based systems, then you have comprehension issues...there
are Linux nasties out there, but as a % of the total nasties? Next
to zilch...get over it...

--
Kind regards,

Chris Wilkinson, Christchurch, New Zealand.
Canterbury Horse Taxis. http://www.horsetaxis.co.nz/
Remove spamblocker to send replies direct to my email...

 