Hard Light Productions Forums
Off-Topic Discussion => General Discussion => Topic started by: Flaser on September 10, 2003, 05:30:30 pm
-
I've just recently started using a more decent firewall and the results were shocking: we're being hammered every moment when on-line.
Now, this revelation is nothing new, though having it blown into your face is another story.
For those who would like to try out something and out of curiosity I'd like to share your ideas and experiences on the subject.
-
The windows XP firewall, believe it or not, is pretty solid. It covers up all of your ports if you don't allow things in. It doesn't check outgoing comms though, so if you aren't running a virus scanner (which you should be) it can be bypassed with a Trojan. If you are trying to make your computer secure online, it's too well integrated to bother with an independent program.
-
That's another reason to stick with my trusted windows 2000 (the best from the windows series I've used so far...).
-
Norton Internet Security and Sygate.
Go here (http://securityresponse.symantec.com/) and click on CHECK FOR SECURITY RISKS (at the bottom of the page) and see how well protected you are.
EDIT: It seems that my ping port is open and others are stealth. How do I make the ping bastard stealthed?
-
I haven't gotten around to setting it up but anyway, I use iptables on linux.
-
Transparent IP-less OpenBSD firewall.
In the Firewall world it's the equivalent of "Nuke the place from orbit: it's the only way to be sure."
-
Software: ZoneAlarm is very good... i've never had a problem with it. back in the day i used BlackIce Defender... never had problems with that, but i don't know what's happened to it now...
then there's hardware firewalls you could use... but ZoneAlarm is very good, and Free
-
This is worth a read if you're really looking at 'personal firewall' software, or trust the Windows builtin 'firewall'. Read it carefully. I agree with the guy on almost every count.
http://www.samspade.org/d/firewalls.html
-
Zonealarm is the only firewall I know of that will regulate outbound traffic as well as inbound traffic. I highly recommend it.
-
I don't use a firewall at all. Ph33r.
-
Originally posted by Admiral LSD
I don't use a firewall at all. Ph33r.
You're in grave danger....
BTW I use Zone Alarm too. I also have to agree with the article, but with one exception - some personal firewalls do have their sense when dealing with TCP/IP transfer. I just hope mine fits into that category. The hard part is figuring out whether it's true....(especially for your own expense)
On the other hand the best solution is still hardware based (I mean you use a separate computer to deal with the stuff) setup.
Still, having a personal firewall is still a lot better than being attacked with your pants down in a naked base Windows fashion.
-
Zone Alarm Pro :)
-
My Broadband router ( that I got from my ISP) has a hardware firewall. :D
-
Ph34r the 1337 router with two built in firewalls. Apparently we've got four ports open and nothing else. I'm told that's a good thing.
[EDIT] Ah-ha! Green lights across the board. Well, except for my virus software - seems AVG doesn't cut the mustard with the boys at Symantec. Surprisingly.
-
Originally posted by Flaser
You're in grave danger....
No, I'm not ;). A lot of what personal firewalls (including Zone Alarm, that program is one of the reasons I don't run a firewall, it's way too alarmist for its own good) report as "attacks" is relatively harmless script kiddy portscans and pings, nothing all that dangerous and personal firewalls could do well to suppress messages of that sort. The other thing that keeps me relatively safe is the fact I'm on dial-up with a dynamic IP.
-
Originally posted by Admiral LSD
No, I'm not ;). A lot of what personal firewalls (including Zone Alarm, that program is one of the reasons I don't run a firewall, it's way too alarmist for its own good) report as "attacks" is relatively harmless script kiddy portscans and pings, nothing all that dangerous and personal firewalls could do well to suppress messages of that sort. The other thing that keeps me relatively safe is the fact I'm on dial-up with a dynamic IP.
So did I believe - until I found at least 3 trojans roaming on my system.
-
Firewall - ZoneAlarm
Anti-Virus - AVG
Also, check out AnalogX (www.analogx.com) he's got all kinds of nifty stuff free for the taking. I personally use MaxMem and will probably DL CacheBooster soon, not to mention POW, an effective pop-up window killer/preventer.
-
I use ZoneAlarm and a Norton firewall and never EVER run Gator. Gator can open up ALL of your points and let all kinds of **** in.
-
Gator is loaded with spyware. If you want to see if your system has any, head on over to www.lavasoft.de and download the free version of ad-aware.
-
I run Zone Alarm Pro on my main computer. I only ever had a problem with it once. I reported it and within a couple of days they released a fix. Maybe I wasn't the only person who reported the problem but that is probably the best tech support I've ever seen :D
-
I have a hardware firewall with my network router, but before that I didn't really use anything.
On a side note, does a dynamic IP help against these internet attacks in any way? I could get one that changes every few days, but would have to pay extra for it.
-
Dynamic IPs are false security. It doesn't matter if you have a moving target, worms and crackers don't discriminate: they tend to carpet bomb entire subnets.
-
Originally posted by Flaser
So did I believe - until I found at least 3 trojans roaming on my system.
I'd say this is a fault with your operating system and selection of software, rather than the lack of a firewall.
-
you guys should try the "SHIELDS UP" and "PROBE MY PORTS" tests that are free and online.
go to google.com or yahoo.com and search for "SHIELDS UP" or "PROBE MY PORTS"... it'll tell you what to do, then it'll test your system, tell you what ports are responding, how to fix the problem, etc.
Also remember 99.99999% percent of the time when Zone Alarm or whatever says that "IP: 104.92.89358297923785235.whateverthehell is trying to access port: 28" it's harmless, probably just a website or something... but running no firewall is just asking for trouble.
-
I use Sygate Personal Firewall. It's free, tells me of incoming and outgoing internet requests, and supposedly may even punish attempting hackers? I read that somewhere but don't believe it...
The firewall, however is good. :nod:
I especially like the backtrace option. :)
-
Originally posted by Stealth
you guys should try the "SHIELDS UP" and "PROBE MY PORTS" tests that are free and online.
go to google.com or yahoo.com and search for "SHIELDS UP" or "PROBE MY PORTS"... it'll tell you what to do, then it'll test your system, tell you what ports are responding, how to fix the problem, etc.
Also remember 99.99999% percent of the time when Zone Alarm or whatever says that "IP: 104.92.89358297923785235.whateverthehell is trying to access port: 28" it's harmless, probably just a website or something... but running no firewall is just asking for trouble.
I agree with you on all except your last point. From experience as a web hosting administrator: if you're smart, you can get by without a firewall. When you're dealing with several hundred sites on a box, and several hundred thousand hits per day (sometimes millions) you can't spare clock cycles for a firewall. Locking down a box isn't that hard.
If you're knowledgeable you can get by without a firewall for a good long time (heck, my site was hosted for four years on NT4/IIS4. I seldom updated it, but it never caught so much as CodeRed).
Of course, if you can afford it get a nice little Sonic Wall (not great but it'll do) or a PIX (better but still not great) or build a transparent, IP-less, OpenBSD firewall booted from a CD-ROM and running entirely in memory. (best choice :))
-
Originally posted by Flaser
So did I believe - until I found at least 3 trojans roaming on my system.
Trojans are a different kettle of fish entirely, they generally can't get onto your system without external help, such as user error or some kind of security vulnerability. My folks have their email checked for viruses through our ISP, we run a local virus checker that updates itself automatically and I make sure I download all the critical Windows security updates when I see they're available.
Originally posted by mikhael
Dynamic IPs are false security. It doesn't matter if you have a moving target, worms and crackers don't discriminate: they tend to carpet bomb entire subnets.
I never said I relied on it completely, just that it was an extra layer of security reducing the need for me to run a firewall.
Originally posted by Stealth
you guys should try the "SHIELDS UP" and "PROBE MY PORTS" tests that are free and online.
go to google.com or yahoo.com and search for "SHIELDS UP" or "PROBE MY PORTS"... it'll tell you what to do, then it'll test your system, tell you what ports are responding, how to fix the problem, etc.
Also remember 99.99999% percent of the time when Zone Alarm or whatever says that "IP: 104.92.89358297923785235.whateverthehell is trying to access port: 28" it's harmless, probably just a website or something... but running no firewall is just asking for trouble.
I haven't had any major scares to date. Alright, that's a lie, I did catch a virus about 15 minutes after I transferred routing functions to my folks box after the external modem in my Linux router carked it (again) but that was simply because they were running Windows 98 with its oh-so-wonderful level of security on the SMB ports. Since upgrading the machine to Windows XP there's been no further problems.
Oh and Shields UP!, like the rest of Steve Gibson's pathetic web site, is pure garbage. Gibson is even more alarmist than every personal firewall product combined and he doesn't even get his facts straight most of the time either.
-
Originally posted by Admiral LSD
I never said I relied on it completely, just that it was an extra layer of security reducing the need for me to run a firewall.
That was in response to CP's question, Admiral. :)
Oh and Shields UP!, like the rest of Steve Gibson's pathetic web site, is pure garbage. Gibson is even more alarmist than every personal firewall product combined and he doesn't even get his facts straight most of the time either.
Gibson is a deeply scary paranoiac. He's right on a lot of stuff, but he's really gotta learn presentation.
-
Originally posted by mikhael
Gibson is a deeply scary paranoiac. He's right on a lot of stuff, but he's really gotta learn presentation.
I don't make a habit of reading a lot of his stuff I'll admit, but if it all follows the same style as his tirades on UPnP, which didn't originally state the flaw was actually in the SSDP service and not the UPnP service (now I know they're related but that isn't really the point, he should have mentioned it nonetheless) and couldn't bring himself to trust MS's patch even though the FBI could, or raw sockets, which you'll most likely know have been a part of the BSD/Unix TCP/IP stack for the better part of 30 years and have yet to be the source of a major problem or at least one of the magnitude he suggests, then I don't really want to.
-
Originally posted by diamondgeezer
Ph34r the 1337 router with two built in firewalls. Apparently we've got four ports open and nothing else. I'm told that's a good thing.
[EDIT] Ah-ha! Green lights across the board. Well, except for my virus software - seems AVG doesn't cut the mustard with the boys at Symantec. Surprisingly.
I have the same problem with my Norton Anti Virus 2002. It seems that it's a bit outdated, but i don't have money to buy a new one right now. As for your open ports, you should have them all STEALTHED like i do. Well except for my ping port. Can someone tell me how to stealth that one?
-
As it turns out they are all stealthed. I must have misunderstood what our resident techie told us, I've yet to get the hang of ports.
-
Originally posted by mikhael
OpenBSD firewall booted from a CD-ROM and running entirely in memory. (best choice :))
Could you point me in the direction of a FAQ or a guide for something like this?
OpenBSD is unix based isn't it?
-
Originally posted by diamondgeezer
As it turns out they are all stealthed. I must have misunderstood what our resident techie told us, I've yet to get the hang of ports.
Make sure that Telnet port is closed because if it isn't anyone can practically use your computer from any point on the globe.
-
Maeg: Yes, OpenBSD is UNIX based. There are some guides, though it may be difficult without some unix experience.
Howto bootable cd: http://www.blackant.net/other/docs/howto-bootable-cdrom-openbsd.php
Howto Firewall: http://pintday.org/hack/docs/greenbox-install.shtml
-
Originally posted by Agent
Make sure that Telnet port is closed because if it isn't anyone can practically use your computer from any point on the globe.
:rolleyes:
You've got to have a telnet server running first and even though Windows 2000 and XP include one, to my knowledge it's disabled by default.
And besides, even if you left a telnet server running it only lets you have command line access which rules out abuse by virtually 100% of all script kiddy lamers as most of those won't even know what a command line is let alone how to drive one.
-
I use Norton Personal Firewall, I will go with my route firewall when I get DSL.
-
Originally posted by Kamikaze
Maeg: Yes, OpenBSD is UNIX based. There are some guides, though it may be difficult without some unix experience.
Howto bootable cd: http://www.blackant.net/other/docs/howto-bootable-cdrom-openbsd.php
Howto Firewall: http://pintday.org/hack/docs/greenbox-install.shtml
Very much obliged :nod: :yes:
-
Originally posted by mikhael
I agree with you on all except your last point
well i'm sure if you know what you're doing you can get by fine without a firewall... i didn't even know what a firewall was between 1996 and late 1999, and i never had any trouble... but with all the crap that websites are encoded with today, without even a basic firewall, you're probably not going to get an actual hacker attack your computer, but you might from other programs and websites and stuff. also what you said is true, just a regular PC user doesn't have much to worry about, it's people like you with bigger machines and servers that do.
And I like Steve Gibson... i first discovered his website about 3 years ago (maybe a little less) and i read about 2 years ago about an incident he had with a 12 (?) year old kid who wrote a few scripts to hammer his server with requests. it was like 40 pages of how he finally found who it was, what he had to do to get there, and what happened in the end. after reading all of that (took me at least half an hour just skimming through it) i really respected him for his knowledge, because he does seem to know what he's talking about.
:) :)
-
Originally posted by Stealth
And I like Steve Gibson... i first discovered his website about 3 years ago (maybe a little less) and i read about 2 years ago about an incident he had with a 12 (?) year old kid who wrote a few scripts to hammer his server with requests. it was like 40 pages of how he finally found who it was, what he had to do to get there, and what happened in the end. after reading all of that (took me at least half an hour just skimming through it) i really respected him for his knowledge, because he does seem to know what he's talking about.
:) :)
Steve's reasonably clued but the man took his communications lessons from the missionaries that show up at his door on saturday and sunday mornings. It's hard to take him seriously when he's spewing like a fundie about the End of the [World|Internet]. He's just damned alarmist, paranoid, and scary. :D
-
I just ignore his rantings until they're backed up by at least one other site. Hell, I'd even take the Enquirer's word over that of grc ;)
Worked well so far, I haven't had any UPnP related attacks nor have my XP raw sockets given me any trouble :p
-
Originally posted by Admiral LSD
Worked well so far, I haven't had any UPnP related attacks nor have my XP raw sockets given me any trouble :p
Me neither. To hear some people speaking when this whole thing started you'd think that having UPnP installed on your computer was a recipe for instant computer death. All these people were complaining about a security flaw which while dangerous already had a patch released for it anyway.
I did say something to that end on here when someone posted a warning but everyone seemed convinced that I was wrong and UPnP had to be uninstalled immediately. :rolleyes:
-
Originally posted by karajorma
I did say something to that end on here when someone posted a warning but everyone seemed convinced that I was wrong and UPnP had to be uninstalled immediately. :rolleyes:
it's ignorance... if one person says one thing and two people say another... all the ignorant ones will go for the majority rule... and try to back it up with some 'proof' they pulled out of their ass
-
But if three people say there is a problem, two say it isn't as bad as the third and the third also has a history of beating things up to a ridiculous extreme, who would you believe? Me, I'll believe the other two every time, particularly if one is the FBI.
-
Zone Alarm Pro :P
Norton 2003 AV
ya I waste money, so what