drop or reject

That's about the size of it. If you are connected, the device you are connected to knows this, and it does not then tell the world that you don't exist. Some have taken firewall appliances (stand-alone devices) and used these to send that 'the destination doesn't exist' message, but this is detectable rather easily in the case of the home user because that box is actually doing NAT or Port Forwarding, and thus the address of the device is the one being targeted - you just happen to be forwarding those packets to the "real" computer offering the service. Also, by studying the packet headers (flags, options, TTL, window size, sequence numbers, etc.), it's often possible to identify at the very least, the operating system, and version. There is a company in Europe that was used as a spam support site, and using traceroute I could see them blocking pings at their perimeter router, which seems to have been a Cyclades. But using other common network tools (several of which are even available for windoze users), I could also see there was a Cisco 7000 router behind that and then their internal network which seemed to be a mix of W2k and 98SE.

Bottom line - if you know what to look for, and use the right tools to look for it, there are a lot of things that you can discover.

Old guy

Moe Trin

Understood - but I'm not sure how many exist. Our solution is to make it very hard for the non-privileged user to install anything that can be used for privilege escalation. For us, the network aspect isn't often a factor there.

OK, remember, I'm not using windoze. But the "popular" Linux distributions are somewhat similar. The last version of Red Hat Linux offered the user the following install options (straight out of the RELEASE-NOTES for fc3):

  • Custom Installation (Minimal): 620MB
  • Server: 1.1GB
  • Personal Desktop: 2.3GB
  • Workstation: 3.0GB
  • Custom Installation (Everything): 6.9GB

You wanna guess what the average newbie installs? You got it!

One very simple solution is to not install that application as network enabled, and then offer a switch function to allow the application to be usable over the local network only. This could be handled by a crude firewall, or even by setting TTL to 1, as is already a requirement of the Link-Local (zero-conf) network setup.

There are over a hundred different Linux distributions. The average distributor releases a new version 2 to 3 times a year. The *BSDs (there are three of those) have a similar release cycle. Sure, they are after a more computer-savvy user, but it can be done.

Despite the posturing by microsoft, security doesn't sell very well, whether in computers, cars, or food items. The average computer user doesn't know what he wants. The average user wants fries with that, if prompted. But then, in the overwhelming majority of cases, the average computer user doesn't know what a computer is doing, and doesn't want to know.

Old guy

Moe Trin
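
The "TTL set to 1" idea from the post above, as an added example that is not part of the original thread: a TCP listener whose replies expire at the first router, so only hosts on the same link can complete a handshake with it. The function names are hypothetical, and the loopback check only confirms that the option is set and that local traffic still works.

```python
import socket

def _set_one_hop(sock):
    # TTL (IPv4) or hop limit (IPv6) of 1: the first router that would
    # forward one of our packets discards it instead.
    if sock.family == socket.AF_INET6:
        sock.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_UNICAST_HOPS, 1)
    else:
        sock.setsockopt(socket.IPPROTO_IP, socket.IP_TTL, 1)

def outgoing_ttl(sock):
    """Read back the TTL / hop limit this socket will put on its packets."""
    if sock.family == socket.AF_INET6:
        return sock.getsockopt(socket.IPPROTO_IPV6, socket.IPV6_UNICAST_HOPS)
    return sock.getsockopt(socket.IPPROTO_IP, socket.IP_TTL)

def local_only_listener(host="127.0.0.1", port=0):
    """Listening socket whose SYN-ACKs and data cannot cross a router."""
    family = socket.AF_INET6 if ":" in host else socket.AF_INET
    srv = socket.socket(family, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    _set_one_hop(srv)          # must be set before listen(): SYN-ACKs use it
    srv.bind((host, port))
    srv.listen(5)
    srv.settimeout(2)
    return srv

def accept_local(srv):
    """Accept a connection and re-apply the limit rather than rely on inheritance."""
    conn, peer = srv.accept()
    conn.settimeout(2)
    _set_one_hop(conn)
    return conn, peer

def loopback_check():
    """Same-host traffic is never forwarded, so TTL 1 must not break it."""
    srv = local_only_listener()
    try:
        client = socket.create_connection(srv.getsockname(), timeout=2)
        conn, _ = accept_local(srv)
        with client, conn:
            client.sendall(b"ping")
            conn.sendall(conn.recv(4))      # echo back to the client
            return outgoing_ttl(conn), client.recv(4)
    finally:
        srv.close()

if __name__ == "__main__":
    print(loopback_check())
```

This limits only what the service sends: packets from off-link hosts still arrive at the listener, so it complements a packet filter and does not replace one.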
