RE: [fw-wiz] Home Environment Cisco

From: Paul Robertson (proberts_at_patriot.net)
Date: 06/06/03

  • Next message: Paul Robertson: "Re: [fw-wiz] OT: FTP Servers"
    To: firewall-wizards@honor.icsalabs.com
    Date: Fri, 6 Jun 2003 16:18:53 -0400 (EDT)
    

    On 5 Jun 2003, Florin Andrei wrote:

    > Hmmm... All that in a firewall for a _home_environment_?

    Yep, Identity Fraud is probably the #1 crime, and lots of homes contain
    PCs with sensative work data, if not VPN clients.

    > I actually have an opposite complaint about nmap: if the firewall drops
    > UDP packets, nmap marks those ports as being "open".
    > I can see the reasons why this behaviour was chosen, yet i'd like a CLI
    > switch to tell nmap "just say NO RESPONSE in that case, don't mark the
    > ports as being open."
    > But that's offtopic...

    But worth a retort- Fyodor not only gave you NMAP, he gave you the
    *source* to NMAP.

    It's a shame when you've got all the pieces, and you're sitting at the
    table waiting for someone else to put your puzzle together for you.

    > Sure, but different environments have different requirements.
    > Staying within the domain targeted by the original message (firewalls
    > for home environments), i'll say NAT does a great job: simple, takes out
    > a lot of problems (yet not all, as you pointed out), not too intrusive.
    > And did i mention it's simple? :-) The perfect one-stop-shop.

    Except it's not perfect- witness the worm and virus explosions from home
    networks.

    Paul
    -----------------------------------------------------------------------------
    Paul D. Robertson "My statements in this message are personal opinions
    proberts@patriot.net which may have no basis whatsoever in fact."
    probertson@trusecure.com Director of Risk Assessment TruSecure Corporation

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


  • Next message: Paul Robertson: "Re: [fw-wiz] OT: FTP Servers"

    Relevant Pages

    • Re: Questions: nmap, nessus unreliability, setting up a packet capture box, using Impacket
      ... Hi Paul, well yes I have found nmap to be buggy at times myself. ... How reliable have people here found nmap and nessus to be? ... to facilitate one-on-one interaction with one of our expert instructors. ...
      (Pen-Test)
    • Re: Firewall
      ... Paul wrote: ... > I have the firewall on but when I ran an NMAP scan of my dial up IP ... From where have you done the nmap test. ... Try something online, like: ...
      (alt.os.linux.suse)