Re: net protection - firewalls
--- John Summerfield <debian@ComputerDatasafe.com.au> wrote:
> Hosts on the internet can only connect to other hosts that they can see. In your case, they can see your gateway, but not the rest of the LAN.
>
> Mostly, hosts on the internet can only connect to ports that are open.
>
> I say "mostly," because there have been bugs in various IP stacks that allowed other hosts to do evil things without finding an open port. Probably the most famous was Teardrop that affected, amongst other things, Windows 95, Windows 98 (well after the fix for Windows 95 was released!) and Linux. Famously, the Linux fix was available in less than 24 hours.
>
> Mostly, though, attacks succeed through open ports such as 25 (incoming mail), 80 (web servers) and such. Actually, a firewall isn't going to do a lot to help you there _unless_ you have one that detects bad traffic (such as connects to ports nobody has any business connecting to on _your_ system) and then denies access from the bad side to all your network.
>
> ISPs could do a lot of good here by detecting Code Red (it's still around) and other nasties and
> a) shutting down sources in their own networks
> b) shutting out sources from outside their networks.
>
> You can use firewall software on your gateway to block and log all traffic you don't want. You will see lots of traffic from people hammering on your door. This can also help to block connexions to misconfigured daemons on your gateway: if you happen to be running postgresql there, you could have it listening to all IP addresses, but connexions from external hosts can't reach it because your firewall rules block them.
>
> Better, of course, to configure postgresql properly, but that can be tricky.
>
> Writing firewall rules using iptables is not a task for a beginner, and there are several higher-level packages available to help with the task. I use shorewall, but there are others.
>
> Now, despite your firewall, there's traffic that comes right through it _at your invitation,_ no less! Consider www requests such as that 26 Mbyte SP2 for XP. Email.
>
> Those can do bad things too, and that's where content filters such as spamassassin (email), MimeDefang (email), Squidguard, DansGuardian and your AV software come in.
Thanks for taking the time to put together such a comprehensive answer.
> Fifty bucks please:-)
Yes, well... check's in the post (!) ;)
--
Matt
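The gateway rule set the quoted reply describes (accept the LAN, publish only the ports you mean to, log and drop everything else arriving from outside, so a daemon such as postgresql that listens on all addresses stays unreachable from the internet), as an added shell example that is not code from either poster. The interface name, LAN subnet and published port list are assumed values; the script prints the iptables commands instead of applying them so they can be reviewed first.

```shell
# Added example: generate gateway iptables rules (dry run). Assumed values:
# external interface, LAN subnet and the TCP ports the internet may reach.
WAN_IF="${WAN_IF:-eth0}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
ALLOWED_TCP_PORTS="${ALLOWED_TCP_PORTS:-22 25 80}"

# Print the rules rather than run them. To apply after review:
#   build_gateway_rules | sudo sh
build_gateway_rules() {
  echo "iptables -P INPUT DROP"
  echo "iptables -P FORWARD DROP"
  echo "iptables -F INPUT"
  echo "iptables -F FORWARD"
  # loopback and replies to connections we opened are always accepted
  echo "iptables -A INPUT -i lo -j ACCEPT"
  echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  # LAN hosts may reach any gateway service (postgresql on 5432 included)
  echo "iptables -A INPUT ! -i $WAN_IF -s $LAN_NET -j ACCEPT"
  # only the published services are reachable from the internet
  for p in $ALLOWED_TCP_PORTS; do
    echo "iptables -A INPUT -i $WAN_IF -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
  done
  # everything else from outside: log it (rate-limited) and drop it
  echo "iptables -A INPUT -i $WAN_IF -m limit --limit 5/min -j LOG --log-prefix 'FW-DROP: '"
  echo "iptables -A INPUT -i $WAN_IF -j DROP"
  # LAN may go out; nothing new is forwarded in from the WAN
  echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  echo "iptables -A FORWARD ! -i $WAN_IF -s $LAN_NET -o $WAN_IF -j ACCEPT"
}

# Sanity check on the generated set: succeeds only if a NEW-connection
# accept rule exists for TCP port $1 on the external interface.
#   wan_port_allowed 5432 && echo "5432 exposed" || echo "5432 blocked"
wan_port_allowed() {
  build_gateway_rules | grep -q -- "-i $WAN_IF -p tcp --dport $1 -m"
}
```

Dropped packets show up in the kernel log with the FW-DROP prefix, which is the "people hammering on your door" traffic the reply mentions.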