Forum: Geek Forum
Topic: Personal Firewalls and Windows
started by: Observer

Posted by Observer on Oct. 11 2001,23:03
So I was chatting with someone and they mentioned that they run a firewall to keep the kiddies out of their box. It got me thinking, why run a personal firewall if:


  • You aren't serving anything (HTTP, FTP, SSH, File & Print Shares, etc.)
  • NetBIOS is disabled (or just doesn't reveal any useful info)
  • You don't run trojans/spyware.
  • You are the only one who uses your computer.

If those criteria are met, isn't a personal firewall just a waste of resources? Other than a ping flood, what could a person gain by portscanning your computer?

Now I realize with NT/2K there are some ports that would have to be blocked, but I wondered what all your experience has led you to believe.

------------------
When 1337 hax0rs start impaling each other with swords and typing code with a hook on one hand, then they can modify the term "pirate."


Posted by MattimeoZ80 on Oct. 11 2001,23:14
I run ZoneAlarm "just in case" (tm). I don't know; even if they can't hack, I still wouldn't want to be on a list of computers that can be pinged. ZoneAlarm hasn't interfered with anything so far; you can set which programs can receive incoming connections and whatnot, and best of all it's free.
Posted by CatKnight on Oct. 11 2001,23:31
ZoneAlarm is useful for preventing some programs from having internet access (like WinDVD... why the fuck does WinDVD need to connect to the internet?). Unfortunately it is really useless otherwise, because programs can still do stuff you don't want them to do. For example, in order to surf the web you have to give access to Win32 services. Other programs can use it to get out, bypassing ZoneAlarm. It can't distinguish between legitimate uses and harmful stuff within a program.
Posted by askheaves on Oct. 12 2001,00:07
I have ISA set up on my server computer, with all ports wide open, no patches installed, and directly connected to the internet. I think it's time I learn something about networking.
Posted by Beldurin on Oct. 12 2001,14:04
quote:
Originally posted by askheaves:
I have ISA set up on my server computer, with all ports wide open, no patches installed, and directly connected to the internet. I think it's time I learn something about networking.

lol...naw, you sound a lot like the network admin at my last job.

Personally, I run my house behind a Linux router which acts as a pseudo-firewall. I just disabled ftp and telnet on it, installed ssh, set hosts.deny to ALL and hosts.allow to a set list of IPs that I could possibly be connecting from (work, my friend's house, etc.). This works well enough for me.

------------------

quote:
Originally posted by Dark-Angel99:
How come {name removed} doesn't like you? I find you really funny :D


Never argue with an idiot...he may be doing the same thing


Posted by incubus on Oct. 12 2001,21:45
Do you run ipchains too?
Posted by Spydir on Oct. 12 2001,22:54
iptables! natd! nt connection sharing! wait...

------------------
Net Syndrome - < www.netsyndrome.net >
Catch The Sickness


Posted by Beldurin on Oct. 13 2001,02:31
quote:
Originally posted by incubus:
Do you run ipchains too?

But of course.


Posted by askheaves on Oct. 13 2001,04:18
quote:
Originally posted by incubus:
Do you run ipchains too?

If it's a default setting for ISA, then I'm running it baby!


Posted by Beldurin on Oct. 13 2001,04:22
quote:
Originally posted by askheaves:
If it's a default setting for ISA, then I'm running it baby!

Wait, by ISA do you mean MS's ISA? (Internet Security and Acceleration Server) If so, then you're NOT running ipchains...it's a UNIX/Linux feature that you use for IP forwarding, etc.


Posted by @$$h0l3 on Oct. 13 2001,14:07
quote:
Originally posted by Observer:
You aren't serving anything (HTTP, FTP, SSH, File & Print Shares, etc.)

On an NT Server / Win2K Advanced Server box, it could take you a while to make sure the box won't accept any incoming connections.

quote:
Originally posted by Observer:
You don't run trojans/spyware.

If you don't run them, that's great. But occasionally your brain cannot be working when your mouse finger is, and you will open up something that you know you shouldn't (like the "I Love You" virus when you get to work way too early and you see the VBS extension about .00000005 seconds after your finger has clicked for the second time. D'oh. Caught shit for months over that). A personal firewall will help keep your machine from being a drone if the right trojan somehow lands on your machine.

quote:
Originally posted by Observer:
If those criteria are met, isn't a personal firewall just a waste of resources? Other than a ping flood, what could a person gain by portscanning your computer?

The personal firewall can help you look at your traffic patterns, and be helpful in a fuckup should you be tired/drunk/stoned/let a moron use your computer. In addition to the ping flood, there was a set of attacks on the TCP/IP stack that were discovered but never seen in the wild. They exploited the different wait states of a connection (waiting for a FIN1, waiting for a FIN2, lots of others) and were quite successful at bringing down well-tuned machines. Then you also have things like malformed packets that make some versions of Windows BSOD. The personal firewall may not help in all of these, which is why I recommend what I do below.

quote:
Originally posted by Observer:
Now I realize with NT/2K there are some ports that would have to be blocked, but I wondered what all your experience has led you to believe.

It is a pain to get NT (2K may be easier, haven't tried yet) to stop listening on every port. That's why I say go with a standalone firewall. The NetBSD firewall project (www.dubbele.com) is stupid-simple to set up. It will run on just about anything with 2 NICs (mine is a P120 with 24MB of RAM). It's not that hard to make changes to either. Plus, if you're sharing a connection with somebody, it's pretty easy to show them traffic and say, "it's not the firewall." My current setup has 3 desktops and 2 laptops behind it, and I don't have any problems. So, I'd recommend that. And, if you like case modding, you'll have another machine to play with. My firewall has a window with 2 sound-activated neons in it. Make fun if you must.
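The thread's opening premise ("you aren't serving anything") and the reply above ("it could take you a while to make sure the box won't accept any incoming connections") both come down to one question: what is the machine actually listening on, and on which interface? The added example below (not code from the thread) answers it from `netstat -an` output, separating sockets bound to loopback from those bound to a real or wildcard address, which are the ones a port scanner sees when there is no firewall in front of them. The netstat text is constructed to look like a Windows NT/2000 box with NetBIOS and RPC still enabled; the parser only understands that column layout.

```python
"""Added example: audit `netstat -an` output for network-reachable listeners.

A TCP socket in LISTENING state, or any bound UDP socket, accepts
unsolicited input.  If its local address is a wildcard (0.0.0.0 / [::])
or an interface address, it is exposed to the wire; if it is loopback,
only local processes can reach it.  Nothing is exposed on a box whose
only listeners are on loopback, which is the state the thread is asking
about.
"""
import re

# Constructed sample: shape of `netstat -an` on a Windows NT/2000 host.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:3417      203.0.113.80:80        ESTABLISHED
  TCP    192.168.1.10:3418      203.0.113.80:80        TIME_WAIT
  UDP    0.0.0.0:137            *:*
  UDP    0.0.0.0:138            *:*
  UDP    127.0.0.1:1900         *:*
"""

# proto, local addr, local port, foreign, optional state (UDP lines have none)
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")

LOOPBACK = {"127.0.0.1", "[::1]", "::1"}


def listening_sockets(netstat_output):
    """All sockets that accept unsolicited input: (proto, local_addr, port)."""
    found = []
    for line in netstat_output.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                          # header, blank, or unknown layout
        proto, addr, port, _foreign, state = m.groups()
        if proto == "TCP" and state != "LISTENING":
            continue                          # ESTABLISHED / TIME_WAIT are not listeners
        found.append((proto, addr, int(port)))
    return found


def exposed_sockets(netstat_output):
    """Listeners bound to something other than loopback, i.e. scanner-visible."""
    return [s for s in listening_sockets(netstat_output) if s[1] not in LOOPBACK]


def exposed_ports(netstat_output):
    """Sorted 'proto/port' strings, the list a port scan of this box would return."""
    return sorted({f"{p}/{port}" for p, _a, port in exposed_sockets(netstat_output)},
                  key=lambda s: (s.split("/")[0], int(s.split("/")[1])))


if __name__ == "__main__":
    for proto, addr, port in listening_sockets(SAMPLE_NETSTAT):
        tag = "local-only" if addr in LOOPBACK else "EXPOSED"
        print(f"{proto:3} {addr}:{port:<5} {tag}")
    print("scanner would see:", ", ".join(exposed_ports(SAMPLE_NETSTAT)))
```

Run it against real output with `netstat -an > ns.txt` and feed the file to `exposed_ports()`; an empty list is the only result that makes the "not serving anything" criterion true. Anything else on the list is reachable unless a host or standalone firewall drops it.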


Posted by Dark Knight Bob on Oct. 15 2001,20:43
Started using Tiny Firewall for a while on my box just so I can get used to using it. Now I've got my box hooked up to a home network and we are gonna put in internet sharing in a few weeks, so I now know I can pretty much keep people from fucking over my PC if my flatmates download some questionable "pr0n programs". Plus I just like to know what's going on in my PC. I find tinkering very interesting... any Lego kid will tell you the same thing.

------------------
Simultaneity is not absolute. So just because you think I'm wrong, from my frame of reference I'm right!

