Re: choosing firewall and antivirus: Norton or McAfee ? And anonym
- From: "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 27 Jun 2006 11:51:05 -0500
Don't worry about stealthed versus closed as you want to worry about open
ports that should not be open. As Phillip said a closed port will respond to
a computer trying to access it on the service that it is not available. This
can be useful for troubleshooting but in any event it will not allow access.
A stealth port just means it can not be detected at all and may or may not
be open behind the firewall. If the stealthed port is also closed behind the
firewall then there is no way to spoof it anyhow. Spoofing of IP traffic
generally means tricking the firewall or computer into thinking the traffic
is authorized/trusted such as traffic from the same network as the computer
is on. Almost any firewall/internet router currently available that I am
aware of these days will or can be configured to reject IP traffic from the
internet that shows the same source network IP as the network behind the
firewall or from source private IP address ranges. I would expect that
current generation internet routers in particular would do that by default
but to be sure one should refer to documentation or the vendor's website. The
network portion of a typical class C network IP is the first three octets.
So for an IP of 192.168.1.55 subnet 255.255.255.0 the network address is
192.168.1.xxx and the xxx would be the host addresses though you don't use
0 or 255. Spoofed email is totally different so do not confuse the two.
Email spoofing generally involves you getting email from someone other than
who you think it is. In other words the email says it is from your best
buddy Joe with an attachment but it really is from hacker boy and the
attachment is malware.
So to answer your question IMHO no matter what the scare websites say that
are trying to sell you their product or service you have nothing to worry
about with your current firewall configuration. Also ports 0 and 1 are
almost never scanned for in a port scan. Most port scans would target a
specific list of ports for efficiency, and not sending off alarms, instead
of scanning 0 - 65,535 which would take a long long time and would probably
only be done against a "high value" target.
Steve
"unstablemicrosoft" <unstablemicrosoft@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:F160B067-B490-4540-9931-C0B84A342A53@xxxxxxxxxxxxxxxx
Can someone please explain that statement:
"Consider this - if at any stage a protocol assumes that it can use your IP
address as an identifier for you, you can be spoofed if your firewall is
stealthed, whereas a non-stealth firewall will issue a reset, causing the
spoofee to reject the spoofed data traffic. The Internet is built on some
fairly robust standards, and you should be cautious about anything that
ignores those standards, even in the name of security"
A non-stealth firewall causing a reset? With regard to spoofing? I REALLY,
REALLY, don't understand that. No offense, but it doesn't seem to make sense.
I have received spoof email messages even though my current firewall is NOT
stealthed.
It seems I can make the firewall of my router stealthed (looks like that,
according to several tests). Except port 0 and 1. Does having port 0 and 1
non-stealthed make the "stealth" useless? Aside from certain specific
trojans and worms I'd guess that having even ONE port non-stealthed makes the
"other" stealth useless. Am I wrong?
Thank you.
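
The source-address filtering described in the reply above (reject internet-side traffic whose source is the LAN's own network or a private range), sketched as an added example that is not part of the original post. The function names and sample addresses are constructed for illustration, and only IPv4 is handled.

```python
import ipaddress

# RFC 1918 private ranges: never a legitimate source on the internet-facing side.
PRIVATE_RANGES = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def lan_network(host_ip, subnet_mask):
    """Derive the network from a host address and mask, e.g. 192.168.1.55 / 255.255.255.0."""
    return ipaddress.ip_interface(f"{host_ip}/{subnet_mask}").network


def usable_hosts(network):
    """First and last assignable hosts; on a /24 this excludes .0 and .255.
    Assumes an ordinary LAN prefix (/30 or shorter)."""
    return network.network_address + 1, network.broadcast_address - 1


def wan_ingress_verdict(src_ip, lan):
    """Verdict for a packet that arrived on the internet-facing interface."""
    try:
        src = ipaddress.IPv4Address(src_ip)
    except ValueError:
        return "drop: malformed source"
    # A packet from outside that claims an inside address is spoofed by definition.
    if src in lan:
        return "drop: source claims to be on the LAN"
    if any(src in net for net in PRIVATE_RANGES):
        return "drop: private source range"
    return "pass to normal rules"


if __name__ == "__main__":
    lan = lan_network("192.168.1.55", "255.255.255.0")
    first, last = usable_hosts(lan)
    print(f"LAN {lan}, hosts {first} - {last}")
    # Constructed sample sources, as seen arriving on the WAN side.
    for src in ("192.168.1.20", "10.4.4.4", "172.31.255.1",
                "172.32.0.1", "198.51.100.7", "not-an-ip"):
        print(f"{src:>14}  {wan_ingress_verdict(src, lan)}")
```

A verdict of "pass to normal rules" only means the source address is plausible; the port rules discussed above still decide whether the traffic gets in.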