[CP5670]

I have a hardware firewall with my network router, but before that I didn't really use anything.

On a side note, does a dynamic IP help against these internet attacks in any way? I could get one that changes every few days, but would have to pay extra for it.

[mikhael]

Dynamic IPs are false security. It doesn't matter if you have a moving target, worms and crackers don't discriminate: they tend to carpet bomb entire subnets.

[Kamikaze]

Originally posted by Flaser


So did I believe - until I found at leat 3 trojans roaming on my system.

I'd say this is a fault with your operating system and selection of software, rather than the lack of a firewall.

[Stealth]

you guys should try the "SHIELDS UP" and "PROBE MY PORTS" tests that are free and online.

go to google.com or yahoo.com and search for "SHIELDS UP" or "PROBE MY PORTS"... it'll tell you what to do, then it'll test your system, tell you what ports are responding, how to fix the problem, etc.

Also remember 99.99999% percent of the time when Zone Alarm or whatever says that "IP: 104.92.89358297923785235.whateverthehell is trying to access port: 28" it's harmless, probably just a website or something... but running no firewall is just asking for trouble.

[Taristin]

I use Sygate Personal Firewall. It's free, tells me of incoming and outgoing internet requests, and supposedly may even punish attempting hackers?  I read that somewhere but don't believe it...

The firewall, however is good.

I especially like the backtrace option.

[mikhael]

Originally posted by Stealth
you guys should try the "SHIELDS UP" and "PROBE MY PORTS" tests that are free and online.

go to google.com or yahoo.com and search for "SHIELDS UP" or "PROBE MY PORTS"... it'll tell you what to do, then it'll test your system, tell you what ports are responding, how to fix the problem, etc.

Also remember 99.99999% percent of the time when Zone Alarm or whatever says that "IP: 104.92.89358297923785235.whateverthehell is trying to access port: 28" it's harmless, probably just a website or something... but running no firewall is just asking for trouble.

I agree with you on all except your last point. From experience as a web hosting administrator: if you're smart, you can get by without a firewall. When you're dealing with several hundred sites on a box, and several hundred thousand hits per day (sometimes millions) you can't spare clock cycles for a firewall. Locking down a box isn't that hard.

If you're knowledgeable you can get by without a firewall for a good long time (heck, my site was hosted for four years on NT4/IIS4. I seldom updated it, but it never caught so much as CodeRed).

Of course, if you can afford it get a nice little Sonic Wall (not great but it'll do) or a PIX (better but still not great) or build a transparent, IP-less, OpenBSD firewall booted from a CD-ROM and running entirely in memory.  (best choice )

[Admiral LSD]

Originally posted by Flaser


So did I believe - until I found at leat 3 trojans roaming on my system.

Trojans are a different kettle of fish entirely, they generally can't get onto your system without external help, such as user error or some kind of security vulnerability. My folks have their email checked for viruses through our ISP, we run a local virus checker that updates itself automatically and I make sure I download all the critical Windows security updates when I see they're available.

Originally posted by mikhael
Dynamic IPs are false security. It doesn't matter if you have a moving target, worms and crackers don't discriminate: they tend to carpet bomb entire subnets.

I never said I relied on it completely, just that it was an extra layer of security reducing the need for me to run a firewall.

Originally posted by Stealth
you guys should try the "SHIELDS UP" and "PROBE MY PORTS" tests that are free and online.

go to google.com or yahoo.com and search for "SHIELDS UP" or "PROBE MY PORTS"... it'll tell you what to do, then it'll test your system, tell you what ports are responding, how to fix the problem, etc.

Also remember 99.99999% percent of the time when Zone Alarm or whatever says that "IP: 104.92.89358297923785235.whateverthehell is trying to access port: 28" it's harmless, probably just a website or something... but running no firewall is just asking for trouble.

I haven't had any major scares to date. Alright, thats a lie, I did catch a virus about 15 minutes after I transferred routing functions to my folks box after the external modem in my Linux router carked it (again) but that was simply because they were running Windows 98 with its oh-so-wonderful level of security on the SMB ports. Since upgrading the machine to Windows XP theres been no further problems.

Oh and Shields UP!, like the rest of Steve Gibson's pathetic web site, is pure garbage. Gibson is even more alarmist than every personal firewall product combined and he doesn't even get his facts straight most of the time either.

[mikhael]

Originally posted by Admiral LSD

I never said I relied on it completely, just that it was an extra layer of security reducing the need for me to run a firewall.

That was in response to CP's question, Admiral.

Oh and Shields UP!, like the rest of Steve Gibson's pathetic web site, is pure garbage. Gibson is even more alarmist than every personal firewall product combined and he doesn't even get his facts straight most of the time either.

Gibson is a deeply scary paranoiac. He's right on a lot of stuff, but he's really gotta learn presentation.

[Admiral LSD]

Originally posted by mikhael
Gibson is a deeply scary paranoiac. He's right on a lot of stuff, but he's really gotta learn presentation.

I don't make a habit of reading a lot of his stuff I'll admit, but if it all follows the same style as his tirades on UPnP, which didn't originally state the flaw was actually in the SSDP service and not the UPnP service (now I know they're related but that isn't really the point, he should have mentioned it nonetheless) and couldn't bring himself to trust MS's patch even though the FBI could, or raw sockets, which you'll most likely know have been a part of the BSD/Unix TCP/IP stack for the better part of 30 years and have yet to be the source of a major problem or at least one of the magnitude he suggests, then I don't really want to.

[Agent]

Originally posted by diamondgeezer
Ph34r the 1337 router with two built in firewalls. Apparently we've got four ports open and nothing else. I'm told that's a good thing.

[EDIT] Ah-ha! Green lights across the board. Well, except for my virus software - seems AVG doesn't cut the mustard with the boys at Symantec. Suprisingly.

I have the same problem with my Norton Anti Virus 2002. It seems that it's a bit outdated, but i don't have money to buy a new one right now. As for your open ports, you should have them all STEALTHED like i do. Well except for my ping port. Can someone tell me how to stealth that one?

[diamondgeezer]

As it turns out they are all stealthed. I must have misunderstood what our resident techie told us, I've yet to get the hang of ports.

[Martinus]

Originally posted by mikhael
OpenBSD firewall booted from a CD-ROM and running entirely in memory.  (best choice )

[color=66ff00]Could you point me in the direction of a FAQ or a guide for something like this?

OpenBSD is unix based isn't it?
[/color]

[Agent]

Originally posted by diamondgeezer
As it turns out they are all stealthed. I must have misunderstood what our resident techie told us, I've yet to get the hang of ports.

Make sure that Telnet port is closed because if it isn't anyone can practically use your computer from any point on the globe.

[Kamikaze]

Maeg: Yes, OpenBSD is UNIX based. There are some guides, though it may be difficult without some unix experience.

Howto bootable cd: http://www.blackant.net/other/docs/howto-bootable-cdrom-openbsd.php

Howto Firewall: http://pintday.org/hack/docs/greenbox-install.shtml

[Admiral LSD]

Originally posted by Agent
Make sure that Telnet port is closed because if it isn't anyone can practically use your computer from any point on the globe.

You've got to have a telnet server running first and even though Windows 2000 and XP include one, to my knowledge it's disabled by default.

And besides, even if you left a telnet server running it only lets you have command line access which rules out abuse by virtually 100% of all script kiddy lamers as most of those won't even know what a command line is let alone how to drive one.

[HotSnoJ]

I use Norton Personal Firewall, I will go with my route firewall when I get DSL.

[Martinus]

Originally posted by Kamikaze
Maeg: Yes, OpenBSD is UNIX based. There are some guides, though it may be difficult without some unix experience.

Howto bootable cd: http://www.blackant.net/other/docs/howto-bootable-cdrom-openbsd.php

Howto Firewall: http://pintday.org/hack/docs/greenbox-install.shtml

[color=66ff00]Very much obliged
[/color]

[Stealth]

Originally posted by mikhael


I agree with you on all except your last point

well i'm sure if you know what you're doing you can get by fine without a firewall... i didn't even know what a firewall was between 1996 and late 1999, and i never had any trouble... but with all the crap that websites are encoded with today, without even a basic firewall, you're probably not going to get an actual hacker attack your computer, but you might from other programs and websites and stuff.  also what you said is true, just a regular PC user doesn't have much to worry about, it's people like you with bigger machines and servers that do.

And I like Steve Gibson... i first discovered his website about 3 years ago (maybe a little less) and i read about 2 years ago about an incident he had with a 12 (?) year old kid who wrote a few scripts to hammer his server with requests.  it was like 40 pages of how he finally found who it was, what he had to do to get there, and what happened in the end.  after reading all of that (took me at leat half an hour just skimming through it) i really respected him for his knowledge, because he does seem to know what he's talking about.

[mikhael]

Originally posted by Stealth

And I like Steve Gibson... i first discovered his website about 3 years ago (maybe a little less) and i read about 2 years ago about an incident he had with a 12 (?) year old kid who wrote a few scripts to hammer his server with requests.  it was like 40 pages of how he finally found who it was, what he had to do to get there, and what happened in the end.  after reading all of that (took me at leat half an hour just skimming through it) i really respected him for his knowledge, because he does seem to know what he's talking about.

Steve's reasonably clued but the man took his communications lessons from the missionaries that show up at his door on saturday and sunday mornings. Its hard to take him seriously when he's spewing like a fundie about the End of the [World|Internet]. He's just damned alarmist, paranoid, and scary.

[Admiral LSD]

I just ignore his rantings until they're backed up by at least one other site. Hell, I'd even take the Enquirer's word over that of grc

Worked well so far, I haven't had any UPnP related attacks nor have my XP raw sockets gave me any trouble