Re: choosing firewall and antivirus: Norton or McAfee ? And anonym
- From: "Alun Jones" <alun@xxxxxxxxxxxxx>
- Date: Thu, 29 Jun 2006 13:38:45 -0700
"unstablemicrosoft" <unstablemicrosoft@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:F160B067-B490-4540-9931-C0B84A342A53@xxxxxxxxxxxxxxxx
> Can someone please explain that statement:
> "Consider this - if at any stage a protocol assumes that it can use your IP
> address as an identifier for you, you can be spoofed if your firewall is
> stealthed, whereas a non-stealth firewall will issue a reset, causing the
> spoofee to reject the spoofed data traffic. The Internet is built on some
> fairly robust standards, and you should be cautious about anything that
> ignores those standards, even in the name of security"
> A non-stealth firewall causing a reset ? With regard to spoofing ? I REALLY,
> REALLY, don't understand that. No offense, but it doesn't seem to make sense.
> I have received spoof email messages even though my current firewall is NOT
> stealthed.

Spoofed email messages have nothing to do with spoofing a TCP connection.
Let's put it a little more technically.
In the absence of a firewall, the attacker's machine A pretends to be the
user's machine U, and connects to the server machine S.
S responds to U, saying "I accept your connection".
U says "What? I didn't make a connection - go away!"
S closes the connection.
As you can see, machine A has managed only to make S and U exchange a packet
each, and A has not been able to do anything as U.
Now, suppose that U is behind a stealthed firewall.
A pretends to be U and connects to server S.
S responds to U, saying "I accept your connection"
A pretends to be U and tells S "Thank you for accepting me, here's a command
I'd like you to do"
S believes that it received the command from U, and U hasn't told it to go
away, so S executes the command.
This is entirely different from spoofing email. Get email out of your head.

> It seems I can make the firewall of my router stealthed (looks like that,
> according to several tests). Except port 0 and 1. Does having port 0 and 1
> non-stealthed make the "stealth" useless ? Aside from certain specific
> trojans and worms I'd guess that having even ONE port non-stealthed makes the
> "other" stealth useless. Am I wrong ?

That depends - do you have any protocols running on ports zero and one? I'm
not sure you even _can_ get a protocol running on port zero with regular
socket APIs, since zero in bind() means "assign me a random port".
Realistically, what do you think you gain by "stealthing" your ports? If
you can't succinctly answer that, consider whether it's of any use.
Alun.
~~~~
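
The two exchanges walked through in the reply above, as an added example that is not part of the original post: a toy Python model (no packets are sent) in which the names `Server`, `user_host_reply` and `run_exchange` are hypothetical. It assumes, as the post's scenario does, that A's forged ACK is acceptable to S, and that U's reset, when sent, reaches S before A's follow-up.

```python
"""Toy model of the S / U / A exchange from the post. Constructed example."""
from dataclasses import dataclass, field

@dataclass
class Server:
    """S: tracks one connection per claimed source address."""
    state: dict = field(default_factory=dict)     # claimed source -> TCP state
    executed: list = field(default_factory=list)  # commands S acted on

    def receive(self, claimed_src, segment, payload=None):
        st = self.state.get(claimed_src, "LISTEN")
        if segment == "SYN" and st == "LISTEN":
            self.state[claimed_src] = "SYN_RCVD"
            return "SYN-ACK"                      # sent to the claimed source
        if segment == "RST":
            self.state.pop(claimed_src, None)     # connection torn down
            return None
        if segment == "ACK" and st == "SYN_RCVD":
            self.state[claimed_src] = "ESTABLISHED"
            return None
        if segment == "DATA" and st == "ESTABLISHED":
            self.executed.append((claimed_src, payload))
        return None                               # anything else is ignored

def user_host_reply(segment, stealthed):
    """U: an unexpected SYN-ACK gets a RST unless it is silently dropped."""
    if segment == "SYN-ACK":
        return None if stealthed else "RST"
    return None

def run_exchange(stealthed):
    """Return the commands S executed on behalf of the claimed source U."""
    s = Server()
    # Every segment from A carries U's address, so S's replies go to U, not A.
    reply = s.receive("U", "SYN")
    from_u = user_host_reply(reply, stealthed)
    if from_u:
        s.receive("U", from_u)
    # A's follow-up segments (assumption: the ACK is acceptable to S).
    s.receive("U", "ACK")
    s.receive("U", "DATA", payload="command")
    return s.executed

if __name__ == "__main__":
    print("non-stealth U:", run_exchange(stealthed=False))
    print("stealthed U:  ", run_exchange(stealthed=True))
```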