What if no firewall when using eDonkey or Kazaa?

Discussion in 'Computer Security' started by Piotr Makley, May 14, 2004.

  1. Piotr Makley

    Piotr Makley Guest

    I found I had left my firewall disabled by mistake.

    I have been running my Overnet (file sharing) software for about 24
    hours. What risks have I been taking?

    Is it really necessary to always run a firewall when using file
    sharing applications like Overnet, eDonkey or Kazaa?
     
    Piotr Makley, May 14, 2004
    #1
    1. Advertising

  2. Piotr Makley wrote:

    > I found I had left my firewall disabled by mistake.
    >
    > I have been running my Overnet (file sharing) software for about 24
    > hours. What risks have I been taking?
    >
    > Is it really necessary to always run a firewall when using file
    > sharing applications like Overnet, eDonkey or Kazaa?

    Hi,

    this has nothing to do with kazaa and so on, because these deamons you
    expose to the internet anyways. It depends which other services you have
    running on your external interface. If there is a nfs server running, and
    you don't have a ip range set, you have a high risk. If you turn of all
    deamons except your file sharing deamons, no firewall is necessary at all.

    Regards, Alex
     
    Alexander Harsch, May 14, 2004
    #2
    1. Advertising

  3. Piotr Makley

    Ionizer Guest

    "Piotr Makley" <> wrote in message
    news:...
    > I found I had left my firewall disabled by mistake.
    >
    > I have been running my Overnet (file sharing) software for about 24
    > hours. What risks have I been taking?
    >
    > Is it really necessary to always run a firewall when using file
    > sharing applications like Overnet, eDonkey or Kazaa?


    Running a software firewall is just a really good idea, but if your system
    is up to date on all the MS patches, you are likely just fine following this
    24-hour lapse. During that period of time however, you were visible online
    to every script kiddie with a port scanner. If you want to see how
    vulnerable (or not) your system is with the firewall disabled, visit
    http://www.grc.com and click on "Shields U&p" for a very quick and thorough
    (but completely harmless) scan of your system. Do it twice- once with your
    firewall disabled and then once with it enabled, just for the sake of
    comparison.

    Regards,
    Ian.
     
    Ionizer, May 14, 2004
    #3
  4. Piotr Makley

    zz Guest

    Piotr Makley wrote:

    > I found I had left my firewall disabled by mistake.
    >
    > I have been running my Overnet (file sharing) software for about 24
    > hours. What risks have I been taking?
    >
    > Is it really necessary to always run a firewall when using file
    > sharing applications like Overnet, eDonkey or Kazaa?
    >


    I say the two are separate issues, firewalls are trained to allow
    programs to send and receive packets by you so you can tell your
    firewall to allow Kazaa etc to run through the firewall. Of course these
    act as server software and can be very dangerous since you allow things
    to come through your firewall without you initiating the request if you
    allow uploading. Kazaa checks for viruses worms and trojans, I do not
    know if Overnet does. Your AV will probably scan the file also.

    Without a firewall you are wide open, not just the apps you allow to go
    through the firewall but to everything attempting to access your system.

    g-w
     
    zz, May 14, 2004
    #4
  5. Piotr Makley

    Piotr Makley Guest

    "Jim Grimmett" <> wrote:

    > "Piotr Makley" <> wrote:
    >>
    >> Is it really necessary to always run a firewall when using
    >> file sharing applications like Overnet, eDonkey or Kazaa?

    >
    > I'd shorten this to "Q:Is it really necessary to always run a
    > firewall"
    >
    > A: Yes.



    Then the next short question is .... why?



    [groups restored]
     
    Piotr Makley, May 14, 2004
    #5
  6. Piotr Makley

    Gerald Vogt Guest

    Piotr Makley schrieb:
    > "Jim Grimmett" <> wrote:
    >>"Piotr Makley" <> wrote:
    >>>Is it really necessary to always run a firewall when using
    >>>file sharing applications like Overnet, eDonkey or Kazaa?

    >>
    >>I'd shorten this to "Q:Is it really necessary to always run a
    >>firewall"
    >>
    >>A: Yes.

    >
    > Then the next short question is .... why?


    Well, I would say: no. It is not always necessary. It is necessary if
    you have services running on your computer that listen on ports of the
    interface connected to the internet but that you don't want to be
    accesible from the internet. Which then leads to the question: why would
    you have the service running like that in the first place?

    So my answer is "no": if you shutdown all unnecessary services on your
    computer that usually listen to the network or at least do not bind them
    to the interface connected to the internet then you are perfectly
    safe. The risks you take when using any of the file sharing applications
    then remain the same with or without firewall because only those
    applications will listen to the internet (i.a.w. the firewall would have
    nothing to do in this scenario...)

    Gerald
     
    Gerald Vogt, May 14, 2004
    #6
  7. Piotr Makley

    charlie R Guest

    "Piotr Makley" <> wrote in message
    news:...
    > I found I had left my firewall disabled by mistake.
    >
    > I have been running my Overnet (file sharing) software for about 24
    > hours. What risks have I been taking?
    >
    > Is it really necessary to always run a firewall when using file
    > sharing applications like Overnet, eDonkey or Kazaa?
    >

    Hi, I think I would scan my computer with the AV, Spybot S&D, and
    AdAware, after I enabled my Firewall. I'd go to grc.com and scan with
    Shield'sUp port scanner to make sure my firewall was still protecting
    the computer.

    If you're connected to the Internet, you need a firewall.

    charlie R
     
    charlie R, May 15, 2004
    #7
  8. Piotr Makley

    miner Guest

    "charlie R" <> wrote in message news:<c83qs4$qmj$>...
    >
    > If you're connected to the Internet, you need a firewall.
    >


    i agree. if msblaster and sasser aren't good enough arguments for
    having a firewall, i don't know what is.
     
    miner, May 15, 2004
    #8
  9. On 15 May 2004 02:06:30 -0700, (miner) wrote:

    >> If you're connected to the Internet, you need a firewall.
    >>

    >
    >i agree. if msblaster and sasser aren't good enough arguments for
    >having a firewall, i don't know what is.


    They are good arguments for protecting yourself. We've been
    discussing whether a firewall is a necessary part of this protection.
     
    Laurence Payne, May 15, 2004
    #9
  10. Piotr Makley

    Ant Guest

    "miner" wrote...
    > "charlie R"...
    >>
    >> If you're connected to the Internet, you need a firewall.


    > i agree. if msblaster and sasser aren't good enough arguments for
    > having a firewall, i don't know what is.


    I think they're good arguments for closing the NetBT and RPC ports
    that Windows likes to listen on - which is what I have done. I run
    no firewall, and am not troubled by these exploits.

    Of course, if you're prone to downloading and running malware, a
    firewall might be useful.
     
    Ant, May 15, 2004
    #10
  11. Piotr Makley

    Chuck Guest

    On Sat, 15 May 2004 11:59:46 +0100, Laurence Payne
    <> wrote:

    >On 15 May 2004 02:06:30 -0700, (miner) wrote:
    >
    >>> If you're connected to the Internet, you need a firewall.
    >>>

    >>
    >>i agree. if msblaster and sasser aren't good enough arguments for
    >>having a firewall, i don't know what is.

    >
    >They are good arguments for protecting yourself. We've been
    >discussing whether a firewall is a necessary part of this protection.


    A firewall is part of a layered defense. Since all layers are
    reactive, and depend upon alerts and updates provided by the "good
    guys", IMHO, every layer is essential.

    Firewall (hardware and/or software based).
    AntiVirus (real-time and periodic scans).
    AntiSpyware/Trojan (real-time and periodic scans).
    System Security Updates (Microsoft and others).
    Browser Hardening.
    Website Hosts file blocking.
    Use of basic system security features, and common sense precautions.
    Constant education.

    All of the above security measures depend upon information provided by
    the good guys. Pray that the good guys provide the alerts and updates
    before the bad guys find out, and develop an exploit.

    Cheers,
    Chuck
    Paranoia comes from experience - and is not necessarily a bad thing.
     
    Chuck, May 15, 2004
    #11
  12. Piotr Makley

    Piotr Makley Guest

    "Ant" <> wrote:

    >>> If you're connected to the Internet, you need a firewall.

    >
    >> i agree. if msblaster and sasser aren't good enough
    >> arguments for having a firewall, i don't know what is.

    >
    > I think they're good arguments for closing the NetBT and RPC
    > ports that Windows likes to listen on - which is what I have
    > done. I run no firewall, and am not troubled by these
    > exploits.




    How do you close the NetBT and RPC ports?

    I think I might like to do the same as you have done.
     
    Piotr Makley, May 15, 2004
    #12
  13. Piotr Makley

    Ant Guest

    "Piotr Makley" wrote...

    > How do you close the NetBT and RPC ports?
    >
    > I think I might like to do the same as you have done.


    Ok. First I am using Windows 2000 on a stand-alone PC (no LAN) with a
    dial-up Internet connection, and second I don't run P2P apps (I'm
    reading this thread in alt.computer.security).

    A long time ago I reduced the number of services running to a bare
    minimum by disabling, or setting them to manual startup. The only
    protocol bound to my modem is TCP/IP.

    To close ports 137, 138, & 139, disable NetBIOS over TCP/IP in the
    networking properties for each network adapter.

    To close port 135, run "dcomcnfg" from a command prompt or the "Start
    -> Run" dialog. On Win2k a dialog box appears. Select "Default
    Properties" and untick "Enable Distributed COM". Select "Default
    Protocols" and remove "Connection-oriented TCP/IP". On WinXP (which I
    don't have) an MMC console is launched. Click around to find the
    options. After a reboot port 135 should be closed.

    To close port 445, disable raw SMB transport by adding the value
    "SmbDeviceEnabled" to the registry, and reboot:

    Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
    Name: SmbDeviceEnabled
    Type: DWORD (REG_DWORD)
    Data: 0

    Check the ports are not listening by typing "netstat -an" from a
    command prompt.

    For more info see:
    http://www.hsc.fr/ressources/breves/min_srv_res_win.en.html.en
     
    Ant, May 15, 2004
    #13
  14. Piotr Makley wrote:
    > I found I had left my firewall disabled by mistake.
    >
    > I have been running my Overnet (file sharing) software for about 24
    > hours. What risks have I been taking?
    >
    > Is it really necessary to always run a firewall when using file
    > sharing applications like Overnet, eDonkey or Kazaa?


    no, not even a virusscanner is necessary if you know what you are doing,
    but if you ask this question maybe it is for you ;)


    --
    Dieter D'Hoker
    news:free.nl.dieter.dhoker & news:alt.nl.fan.dieter.dhoker
    Multiplayer tetris? http://www.tsrv.com/
     
    Dieter D'Hoker, May 17, 2004
    #14
  15. In article <>, Chuck
    <> wrote:
    >A firewall is part of a layered defense. Since all layers are
    >reactive, and depend upon alerts and updates provided by the "good
    >guys", IMHO, every layer is essential.


    Is a firewall reactive, depending on alerts and updates?

    Classic firewall advice is to block all traffic except that which you know
    you need. Unless your needs for open ports change, in what way would a
    firewall require alerts or updates? [Except to fix its own flaws, perhaps -
    but I don't think that alone makes it 'reactive'.]

    Alun.
    ~~~~

    [Please don't email posters, if a Usenet response is appropriate.]
    --
    Texas Imperial Software | Find us at http://www.wftpd.com or email
    1602 Harvest Moon Place | .
    Cedar Park TX 78613-1419 | WFTPD, WFTPD Pro are Windows FTP servers.
    Fax/Voice +1(512)258-9858 | Try our NEW client software, WFTPD Explorer.
     
    Alun Jones [MS MVP - Security], May 19, 2004
    #15
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. BIGEYE

    Netgear DG814 Router & eDonkey

    BIGEYE, Nov 7, 2004, in forum: Computer Support
    Replies:
    8
    Views:
    1,843
    Duane Arnold
    Nov 8, 2004
  2. Yvon Deguire

    Edonkey or Overnet

    Yvon Deguire, Nov 8, 2004, in forum: Computer Support
    Replies:
    2
    Views:
    486
    PuppyKatt
    Nov 8, 2004
  3. ann harkin

    edonkey

    ann harkin, Jul 10, 2005, in forum: Computer Support
    Replies:
    2
    Views:
    519
    Joel Rubin
    Jul 10, 2005
  4. Yvon Deguire

    Edonkey

    Yvon Deguire, Sep 15, 2006, in forum: Computer Support
    Replies:
    1
    Views:
    558
  5. Alan Parker
    Replies:
    2
    Views:
    354
    Troglodyte
    Dec 12, 2004
Loading...

Share This Page