p2p, anonymity and security

Greg Rundlett greg at freephile.com
Fri Mar 12 12:24:25 EST 2004



bscott at ntisys.com wrote:

>On Thu, 11 Mar 2004, at 12:04am, greg at freephile.com wrote:
>
>>So, my first question...Is a Linksys Router doing 'firewall' duty and NAT
>>easy to get past?
>
>  Absolutely.  But not through the vectors you think.
>
>  Those SOHO routers are pretty simple.  They do stateful tracking of TCP
>and UDP, and block anything incoming that you didn't originate.  For
>example, someone trying to telnet into the root shell you have running on
>TCP port 666 will be blocked.
>
>  It's the stuff you allow that is the problem.  You say you have forwarded
>some ports?  What ports?  What are you running on those ports?
>
>  For example: If you forward a port in for that root shell I mentioned,
>anyone who finds that can take over your computer.
>
>  You mention you've installed some software.  How trustworthy is this
>software?  If the software contains backdoors which grant remote access, it
>won't matter how strong your firewall is -- because you've explicitly told
>your firewall to allow the traffic.  Or maybe the software contains no
>deliberate exposures, but is so buggy that exploits are a dime a dozen.  Or
>maybe the design of the network protocol(s) it uses defeats your firewall.
>Or whatever.
>
>  I have encountered many situations where a network with a very good
>firewall is totally compromised by hostile software.  A firewall won't help
>if you download and install the attack vectors willingly.
>
Thanks Ben,

You confirm that I actually do know a few things about security and how
my hardware works.  I heard a remark recently that the Linksys router
wasn't a firewall at all.  And the real meaning of that is that security
must be measured in a broader context than just asking if 'x' will keep
me safe.

-- 
FREePHILE
We are 'Open' for Business
Free and Open Source Software
http://www.freephile.com
(978) 270-2425
"Language shapes the way we think, and determines what we can think about."
-- B. L. Whorf
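
The filtering behaviour discussed in this thread, as a small Python model added here (not code from either poster or from any router firmware). It assumes a simplified router that admits inbound traffic only for an explicit port forward or as a reply from the exact remote endpoint a LAN host contacted; the class name, addresses and ports other than TCP 666 are constructed for illustration.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

class SohoRouter:
    """Simplified stateful NAT filter (an assumed model, not vendor code)."""
    def __init__(self, wan_ip, forwards=None):
        self.wan_ip = wan_ip
        self.forwards = dict(forwards or {})  # (proto, wan_port) -> (lan_ip, lan_port)
        self.flows = {}  # (proto, wan_port) -> (lan_ip, lan_port, remote_ip, remote_port)
        self._next_port = 40000

    def outbound(self, pkt):
        # A LAN host originated this flow: record state and translate the source.
        wan_port, self._next_port = self._next_port, self._next_port + 1
        self.flows[(pkt.proto, wan_port)] = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        return Packet(pkt.proto, self.wan_ip, wan_port, pkt.dst, pkt.dport)

    def inbound(self, pkt):
        key = (pkt.proto, pkt.dport)
        flow = self.flows.get(key)
        if flow and (pkt.src, pkt.sport) == flow[2:]:
            return "ALLOW: reply to a flow the LAN originated"
        if key in self.forwards:
            return "ALLOW: explicit port forward"
        return "DROP: unsolicited"

def demo():
    # Constructed addresses from documentation ranges.
    wan, pc, outsider, server = "203.0.113.5", "192.168.1.10", "198.51.100.9", "192.0.2.80"
    probe = Packet("tcp", outsider, 51000, wan, 666)
    router, results = SohoRouter(wan), {}
    results["probe, no forward"] = router.inbound(probe)
    router.forwards[("tcp", 666)] = (pc, 666)      # the user forwards the port
    results["probe, port forwarded"] = router.inbound(probe)
    out = router.outbound(Packet("tcp", pc, 33000, server, 443))  # installed software dials out
    results["reply to LAN software"] = router.inbound(Packet("tcp", server, 443, wan, out.sport))
    results["third party, same port"] = router.inbound(Packet("tcp", outsider, 443, wan, out.sport))
    return results

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:24} {verdict}")
```

The two ALLOW verdicts are the cases the filter cannot help with: a port the user chose to forward, and traffic answering a connection that software inside the LAN opened itself.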
