Re: firewall for a client
>Worms would be more of a threat, how ever the only service were even
>thinking about running is mldonky. The only way for a worm to infect >this
>PC would be a tcp/ip exploit, runing a firewall has a %50 chance of
>exposing a tcp/ip exloit. The other %50 goes to not running a >firewall.
>As far as trojans rootkits, it's vary common to be running a firewall >so
>you would think than any trojans rootkits would disable the firewall.
>There are better ways of dealing with this problem, especialy in >debian.
Thanks for the response. May I ask something of a different matter?
The place where am working we are running a n/w with w2k, wxp
workstations and , a rh samba server and a ubuntu server as router and
gateway, (am having 2 adls lines on two different ethernet adls modems
with builtin f/w connected to this ubuntu(i now ubuntu wasnt the safest
choice) router as am subnetting with it), I thought that the f/w from
the ethernet adls modems was gonna be enough, but as soon as the wxp
machines get on the internet, they got "infected" with trojans, and
these "infected" machines infect
all the others, so all the workstations end up having trojans. Now these
trojans are able to bring down the ethernet adsl routers, so there is
no
access to the internet at all.
thru iptraf i can see that what is happening is a kind of connection
with an external IP address of the like of "10.1.198.34" thru the
client port range of 3000:6000, to the extarnal IP thru the port 445
(and sometimes the oposite, but when am blocking ports or ips
everything just change to a different client port or simply external
IP(if is not already doing it) and over and over again....
Any thoughts on this (as am not running iptables is there any way to
stop this with them)
Thanks for your time
--
Raúl Martínez Sánchez
Reply to: