Re: Intrusion detection

From: Wolfgang Kueter (wolfgang_at_shconnect.de)
Date: 06/23/04


Date: Wed, 23 Jun 2004 12:58:05 +0200

news wrote:

> I just use my computer for email, browsing

Use safe client sofwtare.

> and for access to some data services.

You mean file sharing (kazaa etc)? Simply forget security when using file
sharing services.
 
> I am a little confused.

That happens when firewall placebos are confronted with basics about network
communication.

> Let's see.. But it is better to close a program
> that holds a port open than to try to block ip:s?

Yes. A not existing service can neither be connected nor be expolited.

> Since you apparently can get around by spoofing.

IP spoofing is difficult with tcp, easy with udp.

> So if my computer is on and online but all softwares are closed, not even
> the best hacker can communicate with it?

Right, as lonf as there are no vulnerabilities in the network protocol stack
of your operating system. You have to trust the vendor of the OS up to that
point.

> They can't start a program and continue from there?

How should anyone be able to start a software on a box that he cannot even
connect to?

> Then why do they tell us to install even more softwares?

Which is nonsense. More software means more code, thus more possible errors.
Safe systems are small systems.

> :) They want to make money of course.

That might be a reason.

Wolfgang

-- 
A foreign body and a foreign mind
never welcome in the land of the blind
Peter Gabriel, Not one of us, 1980