Is there a risk with firewalls? - Page 5


Re: Is there a risk with firewalls?
Sebastian G. wrote:

Quoted text here. Click to load it

interesting


not for lack of trying!!

I vaguely recall an issue or issues that stopped me.

I wanted to analyse what connections were going on using netstat, but
once a connection is established, you can't know for sure if it's
incoming or outgoing. You have to guess based on port number (whether
the port number is high or low). I wasn't content with that.

I guess the term I should use is that netstat is not stateful.


What methods are there, to know if an established connection is
incoming or outgoing?

I did at one point use ethereal with a filter, that worked. But I'm
interested in other methods.

Also, one weakness with ethereal used as a local port monitor is,
unlike netstat, it doesn't show what process is using a port. Not
surprising, since 'by concept' it's not meant for that 'cos the process
id is not in a packet!

Another thing I wanted to test further.. 2 comps A and B communicating
with MSN v6.x or later, sending each other a file.
(I've since read that it might use a 'relay server', server sits in the
middle, and A and B make an outgoing to that)
But anyhow, I recall seeing B's ip, and the connection was incoming:
71.4.5.2:1118  TO 192.168.0.2:2344
And I thought.. hang on, my router isn't port forwarding 2344, is it?
I did an online port scan and it didn't show it as open (though maybe
that was irrelevant since it turned out that it wasn't open locally
either)
I did a local port scan, from another comp on my lan, and it said
closed or filtered. Not open.

I didn't understand that.  And in retrospect, I'm still puzzled, maybe
it was only open to that 71... ip, but I didn't know how to spoof that
to check. I guess I could've asked the friend to scan from his comp.

I don't think my router had that port open.. Maybe it was acting a bit
like some proxies (the ones kids might use at school to get out of a
firewall). I don't mean like a proxy in changing the source ip to its
own, but in changing the TCP port. So maybe one port - not 2344 - was
being port forwarded by my router, and through it I was getting
incoming connections to my comp at other ports.

I didn't and still don't know how to analyse that further.

And the speedtouch NAT router I have at the moment has such an ugly GUI
I can't see what it's port forwarding in one screen.  It's reliable
though, unlike previous ones I've had.
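The post above asks how to tell whether an established connection is incoming or outgoing when netstat only shows a point-in-time table. The script below is an added example written for this page, not code from the poster or from any netstat implementation. It runs over a constructed netstat snapshot (assumed to be Windows-style `netstat -an` output; the listeners and peers are invented, and the 71.4.5.2:1118 / 192.168.0.2:2344 pair is simply the line quoted in the post) and classifies each ESTABLISHED entry two ways: the high/low port guess the post describes, and a stronger check that matches the local port against the LISTENING sockets in the same snapshot. Because the listener table is invented, the verdict printed for that pair describes the sample, not the poster's machine.

```python
"""Infer the direction of ESTABLISHED TCP connections from a netstat snapshot.

netstat shows a point-in-time socket table with no direction flag. A
connection was inbound if our local endpoint was a listening socket when
the peer connected; otherwise we opened it. Matching each ESTABLISHED
entry's local port against the LISTENING entries in the same snapshot is
a much better test than guessing from port numbers, but it is still only
a snapshot (see the caveat in direction()).
"""
import re
from dataclasses import dataclass

# Constructed sample of Windows-style `netstat -an` output. Not real data:
# the listeners and peers are invented; the 71.4.5.2:1118 / 192.168.0.2:2344
# pair is the line quoted in the post.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.0.2:139        0.0.0.0:0              LISTENING
  TCP    0.0.0.0:6881           0.0.0.0:0              LISTENING
  TCP    192.168.0.2:1118       203.0.113.7:80         ESTABLISHED
  TCP    192.168.0.2:6881       198.51.100.23:51234    ESTABLISHED
  TCP    192.168.0.2:2344       71.4.5.2:1118          ESTABLISHED
  TCP    192.168.0.2:139        192.168.0.5:1045       ESTABLISHED
  UDP    0.0.0.0:500            *:*
"""


@dataclass(frozen=True)
class Conn:
    proto: str
    local_ip: str
    local_port: int
    remote_ip: str
    remote_port: int
    state: str


# Proto, local endpoint, foreign endpoint, then optional state (and a PID column
# when netstat was run with -o); headers and blank lines do not match.
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(.*)$")


def split_endpoint(addr: str):
    """'192.168.0.2:2344' -> ('192.168.0.2', 2344); '*:*' -> ('*', 0)."""
    host, _, port = addr.rpartition(":")
    return host.strip("[]"), int(port) if port.isdigit() else 0


def parse_netstat(text: str):
    conns = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, local, remote, rest = m.groups()
        tokens = rest.split()
        state = tokens[0] if tokens and not tokens[0].isdigit() else ""
        lip, lport = split_endpoint(local)
        rip, rport = split_endpoint(remote)
        conns.append(Conn(proto, lip, lport, rip, rport, state))
    return conns


def listening_ports(conns):
    """Map local port -> set of addresses bound by LISTEN/LISTENING sockets."""
    listeners = {}
    for c in conns:
        if c.proto == "TCP" and c.state.startswith("LISTEN"):
            listeners.setdefault(c.local_port, set()).add(c.local_ip)
    return listeners


WILDCARDS = {"0.0.0.0", "::", "*"}


def port_heuristic(c: Conn) -> str:
    """The guess the post describes: the side on a well-known port is the server."""
    if c.local_port < 1024 <= c.remote_port:
        return "inbound"
    if c.remote_port < 1024 <= c.local_port:
        return "outbound"
    return "unknown"  # both ports high (or both low): the guess cannot decide


def direction(c: Conn, listeners) -> str:
    """Inbound if a listener on our local port could have accepted this peer."""
    bound = listeners.get(c.local_port, set())
    if c.local_ip in bound or bound & WILDCARDS:
        return "inbound"
    # Caveat: a listener closed after accept() (e.g. a one-shot transfer port)
    # is gone from the snapshot, so its connection would show as outbound here.
    # Only seeing the SYN (the ethereal approach in the post) is conclusive.
    return "outbound"


def classify(text: str):
    """(local, remote, port-guess, listener-based verdict) per ESTABLISHED entry."""
    conns = parse_netstat(text)
    listeners = listening_ports(conns)
    return [
        (f"{c.local_ip}:{c.local_port}", f"{c.remote_ip}:{c.remote_port}",
         port_heuristic(c), direction(c, listeners))
        for c in conns if c.proto == "TCP" and c.state == "ESTABLISHED"
    ]


if __name__ == "__main__":
    for local, remote, guess, verdict in classify(SAMPLE_NETSTAT):
        print(f"{local:20} {remote:22} port-guess={guess:9} listener-based={verdict}")
```

On the sample, the 6881 connection comes out "unknown" under the port guess but "inbound" under the listener check, while the 2344 connection is "unknown" under both the guess and, with no listener in the snapshot, "outbound" under the check. The other gap the post mentions, which process owns a port, is covered by netstat itself rather than by a capture: `netstat -o` on Windows prints the owning PID and `ss -tnp` does the same on Linux.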

Re: Is there a risk with firewalls?
"Sebastian G." wrote:
Quoted text here. Click to load it

Sebastian, Interesting... I'm about to buy a NAT firewall, any ideas on what
manufacturers, models or features I should look for? Thanks!



Re: Is there a risk with firewalls?
"Leythos" wrote:

Quoted text here. Click to load it

Thanks a lot Leythos!



Re: Is there a risk with firewalls?
nospam@no.spam says...
Quoted text here. Click to load it

If you need something more, there are a LOT of firewalls in the $300 to
$500 range that can do even more.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
  drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Re: Is there a risk with firewalls?
"Leythos" wrote:
Quoted text here. Click to load it

My problem is that I'm not completely sure on the features I need. I do not
trust a flat and cheap router ($30). A hardware router & firewall hardware
sounds like it will protect me better. I have learned a lot about NAT, and
the importance of SPI features. Also I do know that some manufacturers are
really bad or irresponsible and they have released so many firmwares, and
patches. I'm not sure about the feature details in the administration of the
firewall, but my learning is in process. I do not place limits on my
learning as long as the gain is to know how to protect myself. Budget is
limited though, but it will be great to know what I'm missing for not paying
beyond more than $400.

For what I have been researching, the difference I see beyond your
recommended solution is on the number of VPN connections (moving it to the
corporate way). I'm just looking to administer 1 PC, 1 laptop, and a testing
server. If I ever VPN, it will be just 1 connection (me), I'm quite paranoid ;)
I'm going to have a laptop wireless, I'm also looking for a WiFi feature of
the hardware (as long as I can properly secure it just for my laptop's use).
I appreciate your assistance.



Re: Is there a risk with firewalls?
nospam@no.spam says...
Quoted text here. Click to load it

Many of the low end appliances, like the DFL-700, will do what you want
and provide a level of protection as long as you implement ALL of the
other security measures, a firewall won't protect you from most exploits
or from yourself.

The higher end units have additional protection features, can detect
attacks of specific types, can filter content out of inbound SMTP (if
you have your own email server), can filter content out of HTTP sessions
(The DFL-700 does this too) so that you can block things like active-x,
JS, exe, bad, scr, etc... downloads..... You also get good logging in
most cases.

I've got a lot of friends that have simple BEFSR41 units that practice
safe-hex and don't need anything more than the cheap NAT router and
they've not been compromised either. The difference is that they follow
the standards for safe internet/network/device access.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
  drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Re: Is there a risk with firewalls?


nospam@no.spam says...
Quoted text here. Click to load it

Do you want a Firewall that does NAT or a NAT Router that says it's a
Firewall - there is a very big difference?

What are you doing from behind your internet connection?

Do you have a website that you allow the public access to?

Do you share files?

Do you have an FTP site?

How much do you want to spend?

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
  drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Re: Is there a risk with firewalls?


"Leythos" wrote:
Quoted text here. Click to load it

Oops!.. Sorry for the missing info. I like the fact of having a NAT router
as a first line of defense. Then I would like a software firewall so I
control what my program connects to (like that nasty svchost.exe that I
always blocked). After a year I had to uninstall the Sunbelt-Kerio firewall,
because I had so many issues with it after upgrading to new releases.

Quoted text here. Click to load it

Not much, just the usual: a desktop PC with XP SP2 and Web browsing, email
client, rss client, IM, news client, antivirus, and P2P.

Quoted text here. Click to load it

Nope. I was told I needed to pay a static IP address. So I abandoned the
idea long ago.

Quoted text here. Click to load it

Nope. I was advised that if my PC was the only one on a network I needed to
turn the Microsoft Print and Sharing off. I may get a laptop later though.

Quoted text here. Click to load it

Nope.


Hmm... I didn't think it could cost 2$$, but I don't have an unlimited
budget. I'll have to think about it more after I see the range.



Re: Is there a risk with firewalls?


nospam@no.spam says...
Quoted text here. Click to load it

Forget the soft firewall as being effective and being any real means of
protection - in most cases it's going to get compromised at some point
and the soft firewall isn't going to protect you. On the flip side I've
seen ZAP protect a home user for years with a direct connection (no NAT)
to the internet...

Quoted text here. Click to load it

I like the D-Link DFL-700 because it has real blocking methods, real DMZ
and LAN networks, acts as a PPTP server and can provide port forwarding
inbound based on you authenticating with the device first....

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
  drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Re: Is there a risk with firewalls?

OH MY GOD, you're actually being civil. What came over you? Is this a new
you?

I am proud of you, keep up the good work and hang in there.


Re: Is there a risk with firewalls?

Quoted text here. Click to load it

He'll never get the message. He has not gotten the message to date, and
it's been made obvious to him by a few people in this NG over a period of
several months.

It's really a shame about him. He obviously has great knowledge or seems to
have the knowledge.

But he is so messed-up as a human being that he is beyond help with his
teaching methods, mannerisms, and in general, a lack of basic knowledge on
how to treat people.

He has dragged the NG down to the point that no one wants to make a post in
this NG, because he is liable to show and start going out of control. :(


Re: Is there a risk with firewalls?
Mr. Arnold wrote:

Quoted text here. Click to load it

He is very technical. You, Duane Arnold, are much much worse in your
way!

Remember,
software/hardware Firewall tradeoff  in comp.security.firewalls
Aug 2006
http://groups.google.com/group/comp.security.firewalls/browse_frm/thread
/a7e5dda7363a93bf/a6b4bdb06b7f97e7


and that referred to
The thread was called
It had a fantastic discussion, really interesting. But you ruined it
somewhat. But nevertheless, it's still good

"56k dial up on laptop 802.11G ?"  in alt.internet.wireless
http://groups.google.com/group/alt.internet.wireless/browse_frm/thread/c132d2059daa241b/d796ef5184680e55?lnk=st&q=%2256k+dial+up+on+laptop+802.11G+%3F%22++in+alt.internet.wireless+&rnum=1#d796ef5184680e55

And this was on the same subject. You have a history of being a
nuisance, far more so than the person you are targeting today.

Your style is predictable, you don't discuss the nitty gritty, or share
knowledge. You just say 'do it this way', and after posts and posts of
you avoiding discussion when faced with somebody knowledgeable enough,
or of you avoiding discussion anyway, and name-calling, your method
comes out.. you say that your stuff is based on conclusions from those
you call the top guns of the newsgroup, and you accept it. Very well,
but not so good if you try to argue their case. At least quote them.

As time goes by, you may improve a tiny little bit, when you learn a
little more from your 'top guns'.  But when faced with arguing with
somebody knowledgeable whose position is different to one of your 'top
guns' you go back to name-calling and personal attacks.

So, Duane Arnold, one option for you is to realise you have a problem.
Then stop the personal attacks against people you can't debate with,
and people you could partially debate with.

Re: Is there a risk with firewalls?
LOL, I have a fan. :)

However, until today I had not noticed you, before this post. I
don't see you helping anyone anywhere. I wonder why? And "SG is more
technical" is a joke too. The boy couldn't technique his way out of a paper
sack, and neither can you.

<Plank> that's a soft logical <plonk> and go crawl back into your hole, with
SG. :)


Re: Is there a risk with firewalls?
Quoted text here. Click to load it
Guess you are referring to a software firewall.
My Sygate firewall has the two following selectable items:
1. Automatically load Sygate personal firewall service at
   startup.
2. Block all traffic while service is not loaded.
These prevent the "gap".

Am running Sygate Pro 5.5 b 2710 and it's a good one.
Sygate was bought out and is not being supported any more.
If you use a good one, it needs few if any updates--it's not
like an AV program.

There are free versions 5.5 b 2710 and 5.6 b 2808
available at:
http://www.oldversion.com/program.php?n=sygate

I didn't read all the many posts that followed your post.
(Guess they really gave you "heck" about using a software
firewall--that's commonplace here)
Sygate should fix you up.
Casey

Re: Is there a risk with firewalls?
says...
Quoted text here. Click to load it
Am running 5.5 on Win98.  Think 5.6 works on everything
up to and including XP.
C

Re: Is there a risk with firewalls?
Casey wrote:


Quoted text here. Click to load it


This is, of course, nonsense. We're talking about the time between the
initialization of the TCP/IP stack and the startup of the packet filtering
*driver*. Who cares if the driver blocks everything when the service is not
loaded if the driver isn't loaded yet either?

Besides that, Sygate stuff is horribly insecure as well.
