[Gllug] how safe is linux against identity thief
Joel Bernstein
joel at fysh.org
Tue Mar 24 14:56:49 UTC 2009
On 24 Mar 2009, at 13:28, Harry Rickards wrote:
>
> Quoting Joel Bernstein <joel at fysh.org>:
>
>> On 24 Mar 2009, at 11:30, Harry Rickards wrote:
>>
>>> Are you using iptables for the firewall? (I'm not familiar with
>>> Ubuntu Firewall.)
>>
>> What do you suggest that Lucy would have solved by doing so?
>>
>> Please don't top-post.
> Sorry about the top posting, just forgot. If Lucy had accidentally
> installed a piece of malicious software that was running a server on
> the machine, then I believe iptables (if set up correctly) would stop
> remote machines connecting to the server.
Whereas another firewall wouldn't? What is "properly"? I'm not clear
what purpose a packet filter will serve in preventing the kind of
problems Lucy is seeing. It sounds like you're suggesting a solution
based on the assumption that the attackers are able to launch a server
on Lucy's machine, accepting inbound network connections from the
Internet, and that they will be prevented from doing so by setting a
default firewall policy to deny/drop new connections from the external
interface? This might be correct, although if they can launch servers
on low ports they presumably already have root and can fiddle with
iptables anyway. I think it's a false premise to assume that a
firewall would protect against social engineering, or indeed against
DNS poisoning/hijacking, MITM attacks, etc. But maybe you can explain
it differently for a little-braned bear such as me to understand.
/joel
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug