Re: [Full-Disclosure] Microsoft urging users to buy Harware Firewalls

• Previous message: Michael Scheidell: "Re: +++++SPAM+++++ RE: [Full-Disclosure] Microsoft urging users to buy Harware Firewalls"
• In reply to: Richard M. Smith: "RE: [Full-Disclosure] Microsoft urging users to buy Harware Firewalls"
• Next in thread: William Warren: "Re: [Full-Disclosure] Microsoft urging users to buy Harware Firewalls"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: full-disclosure@lists.netsys.com
Date: Thu, 14 Aug 2003 12:24:14 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thursday 14 August 2003 05:13, Richard M. Smith wrote:
> Tens of millions of home owners have already purchased NAT boxes and use
> them on a daily basis to share their cablemodem and DSL Internet
> connections between multiple computers. These products are extremely
> popular. Not sure what all these problems that are you complaining
> about. In my exprerience, these boxes just work.

Somehow, you haven't really understood what I have said.
As long, as you do not wish to have any exotic applications or host internet
servers you will not run into troubles. To achieve certain things you _must_
configure your hardware router that does NAT to do port forwarding. In this
case, I have seen enough users unable to get along with their hardware box.

My point is, that microsoft should rather ship with a windows not opening port
139 and 135 by default but only at the user's request. If the user has a
hardware firewall and wants to have services opened to the world wide web, he
will do port forwarding to the machine in question, and thus again create an
attack vector!
If microsoft did not open all these ports at all, we would not really need
this hardware box and would have the same effect. Sure - some trojans could
still open a port - but users must be careful about what programs to install
and run anyways. And as most trojans/virii connect to a master, like channel
in irc nowadays, this does not really do much of a difference.
In a normal home installation with only one computer connected to the net you
do not need any netbios or shares.

- --
 - Thilo Schulz

My public GnuPG key is available at http://home.bawue.de/~arny/public_key.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/O2NYZx4hBtWQhl4RAo9VAJ4tyKUQtXcghLJj+mSQFAVFrXU+5ACgyg5k
5zwooxs3gYnb6430mBO81HA=
=177h
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

• Previous message: Michael Scheidell: "Re: +++++SPAM+++++ RE: [Full-Disclosure] Microsoft urging users to buy Harware Firewalls"
• In reply to: Richard M. Smith: "RE: [Full-Disclosure] Microsoft urging users to buy Harware Firewalls"
• Next in thread: William Warren: "Re: [Full-Disclosure] Microsoft urging users to buy Harware Firewalls"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]