p2p, anonymity and security

bscott at ntisys.com
Thu Mar 11 13:23:00 EST 2004


On Thu, 11 Mar 2004, at 12:04am, greg at freephile.com wrote:
> So, my first question...Is a Linksys Router doing 'firewall' duty and NAT
> easy to get past?

  Absolutely.  But not through the vectors you think.

  Those SOHO routers are pretty simple.  They do stateful tracking of TCP
and UDP, and block anything incoming that you didn't originate.  For
example, someone trying to telnet into the root shell you have running on
TCP port 666 will be blocked.

  It's the stuff you allow that is the problem.  You say you have forwarded
some ports?  What ports?  What are you running on those ports?

  For example: If you forward a port in for that root shell I mentioned,
anyone who finds that can take over your computer.

  You mention you've installed some software.  How trustworthy is this
software?  If the software contains backdoors which grant remote access, it
won't matter how strong your firewall is -- because you've explicitly told
your firewall to allow the traffic.  Or maybe the software contains no
deliberate exposures, but is so buggy that exploits are a dime a dozen.  Or
maybe the design of the network protocol(s) it uses defeats your firewall.
Or whatever.

  I have encountered many situations where a network with a very good
firewall is totally compromised by hostile software.  A firewall won't help
if you download and install the attack vectors willingly.

-- 
Ben Scott <bscott at ntisys.com>
| The opinions expressed in this message are those of the author and do  |
| not represent the views or policy of any other person or organization. |
| All information is provided without warranty of any kind.              |
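
An added illustration, not part of the original message: a toy Python model of the stateful filtering described above, showing that unsolicited inbound traffic is dropped while forwarded ports and replies to flows started from inside are passed. The class, addresses and ports are constructed for the example, and the model assumes the router keeps the LAN source port unchanged when translating.

```python
# Toy model of a SOHO NAT router's stateful filter (added example).
# All names, addresses and ports below are constructed for illustration.
from dataclasses import dataclass, field


@dataclass
class SohoRouter:
    # (proto, wan_port) -> (lan_ip, lan_port): ports the owner chose to forward
    forwards: dict = field(default_factory=dict)
    # flows originated from the LAN: (proto, lan_ip, lan_port, remote_ip, remote_port)
    state: set = field(default_factory=set)

    def outbound(self, proto, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host starts a flow: allowed by default and remembered."""
        self.state.add((proto, lan_ip, lan_port, remote_ip, remote_port))
        return "ALLOW (originated inside)"

    def inbound(self, proto, remote_ip, remote_port, wan_port):
        """A packet arrives on the WAN side addressed to wan_port."""
        # 1. Is it a reply to a flow that a LAN host originated?
        for p, lan_ip, lan_port, r_ip, r_port in self.state:
            if (p, r_ip, r_port, lan_port) == (proto, remote_ip, remote_port, wan_port):
                return f"ALLOW (reply to {lan_ip}:{lan_port})"
        # 2. Did the owner explicitly forward this port?
        if (proto, wan_port) in self.forwards:
            ip, port = self.forwards[(proto, wan_port)]
            return f"ALLOW (forwarded to {ip}:{port})"
        # 3. Otherwise it is unsolicited and is dropped.
        return "DROP (unsolicited)"


def demo():
    r = SohoRouter()
    out = {}
    # Nobody inside asked for this and no forward exists: blocked.
    out["unsolicited"] = r.inbound("tcp", "203.0.113.9", 40000, 666)
    # The owner forwards the port: the same packet now reaches the service.
    r.forwards[("tcp", 666)] = ("192.168.1.10", 666)
    out["forwarded"] = r.inbound("tcp", "203.0.113.9", 40000, 666)
    # Installed software on the LAN connects out: the reply path is open.
    r.outbound("tcp", "192.168.1.10", 51000, "198.51.100.7", 443)
    out["reply"] = r.inbound("tcp", "198.51.100.7", 443, 51000)
    # A different remote host cannot reuse that state entry.
    out["stranger"] = r.inbound("tcp", "203.0.113.9", 443, 51000)
    return out


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:12} {verdict}")
```

The two ALLOW cases are the ones the message warns about: the router is doing exactly what it was configured or asked to do, so reviewing the forward list and what runs behind each forwarded port matters more than the filter itself.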



