Re: grc.com news server down?
From: Mike (spamlessmike@spamcop.net)
Date: 01/28/03
- Next message: JustMe: "Re: Understanding Kerio Personal Firewall log entries"
- Previous message: astra3@mail.com: "new programs 28/Jan/2003 (030128)"
- In reply to: Art Kopp: "Re: grc.com news server down?"
- Next in thread: DesertRat@mchsi.com: "Re: grc.com news server down?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Mike <spamlessmike@spamcop.net> Date: Tue, 28 Jan 2003 18:22:34 GMT
That's pretty interesting. (I sincerely respect your knowledge.)
The default NetBIOS/TCP settings and other servers (personal web,
etc.) were a real problem a few years ago. I was hacked with Sygate
running. Will the average person run netstat?
I've been getting attacked since ~'96. (Dos, DDos, NetBIOS, Trojans,
they call/called my number (modem exploits), send malicious emails,
etc.) There have been days that I've received over a hundred malicious
emails. Someone will post/has posted in this or to another NG or web
forum and say, "I've been on the Internet since its inception and have
never even seen a virus". Honestly, I'm glad for them. The wise AV
experts may feel that AV software isn't required, but look at what the
heck they already know (and their cautious practices).
Do you have MS Networking and F&P Sharing enabled on that interface?
(You know what the heck you're doing, but a lot of folks who do
on-line banking and shopping don't have a clue about these dangers.)
There are too many variables to simply say that firewalls don't have a
place. They've worked for me.
There's no doubt that implementing wide ranging and sound security
practices will help to keep the bad people out.
I remember an 'ol timer who also posted that he didn't have a
firewall. He said there was no danger in leaving NetBIOS enabled, as
long as the password was strong. Not much later .. along came the
Windows shared P2P login exploit.
Do you remember the W2K hacking challenge? What happened afterwards is
another story.
When Gibson came here in response after proclaiming ZA as the only
worthy PF - very few people challenged him.
I'd say that with all of the inherent weaknesses and services in OSs,
it really doesn't make any sense to not have a border firewall/router.
(though a lot of people won't spend a cent on security products)
My ISP wouldn't allow a router, but they did permit a "firewall". They
explicitly disallowed the sharing of an IP address. Now that NAT (and
routers) are popular - sharing is permitted (and without paying
additional fees for each additional computer on the LAN.)
Plus, firewall logs provide an idea of what's happening.
Now, there's a whole bunch of folks running wireless LANs. Firewalls
can play a major a role in cabled LAN security, also (in addition to
IPSEC, subnetting, etc..)
Look how much b!tching it took to make MS get serious about security.
Mis-configuration, clients running all kinds of servers and lack of
knowledge are real issues.
Do you see a need for filtering? I want to know what's trying to come
in or leave.
What about the other 64K ports, ICMP and various other protocols?
Yes, you can sniff.
In many ways you're right on the money.
Mike
- Next message: JustMe: "Re: Understanding Kerio Personal Firewall log entries"
- Previous message: astra3@mail.com: "new programs 28/Jan/2003 (030128)"
- In reply to: Art Kopp: "Re: grc.com news server down?"
- Next in thread: DesertRat@mchsi.com: "Re: grc.com news server down?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
