Re: Intrusion detection
From: Wolfgang Kueter (wolfgang_at_shconnect.de)
Date: Wed, 23 Jun 2004 12:58:05 +0200
> I just use my computer for email, browsing
Use safe client sofwtare.
> and for access to some data services.
You mean file sharing (kazaa etc)? Simply forget security when using file
> I am a little confused.
That happens when firewall placebos are confronted with basics about network
> Let's see.. But it is better to close a program
> that holds a port open than to try to block ip:s?
Yes. A not existing service can neither be connected nor be expolited.
> Since you apparently can get around by spoofing.
IP spoofing is difficult with tcp, easy with udp.
> So if my computer is on and online but all softwares are closed, not even
> the best hacker can communicate with it?
Right, as lonf as there are no vulnerabilities in the network protocol stack
of your operating system. You have to trust the vendor of the OS up to that
> They can't start a program and continue from there?
How should anyone be able to start a software on a box that he cannot even
> Then why do they tell us to install even more softwares?
Which is nonsense. More software means more code, thus more possible errors.
Safe systems are small systems.
> :) They want to make money of course.
That might be a reason.
-- A foreign body and a foreign mind never welcome in the land of the blind Peter Gabriel, Not one of us, 1980