[Klug-general] Linux to offer a paradigm-shift in computer security

Karl Lattimer karl at qdh.org.uk
Wed Nov 28 16:17:39 GMT 2007


On Wed, 2007-11-28 at 15:34 +0000, Peter Childs wrote:
> 
> 
> On 28/11/2007, Karl Lattimer <karl at qdh.org.uk> wrote:
>         OK, this is bad advice ^^ see bad advice... The firewall in
>         windows is the only thing stopping the slammer worm and a
>         bunch of others. Don't switch it off because it is added
>         bloat!!!! It isn't, the standard windows firewall is an
>         adequate solution; it's not ideal but it WORKS for the
>         purposes it is intended for, protecting windows' penchant for
>         opening ports on LAN networks.
>         
> 
> If it's a worm, the virus protection should have stopped it. A firewall
> will not stop a worm.
> 

The biggest load of shit I've ever heard!!!!

A WORM/REMOTE EXPLOIT CAN ATTACK USING A BUFFER OVERFLOW EXPLOIT AGAINST
AN OPEN PORT FOR INSTANCE, A FIREWALL BLOCKS THIS INITIAL ATTACK RATHER
THAN REMOVING THE MALWARE AFTER INFECTION HAS TAKEN PLACE!

Anti-virus is a damage limitation tool (and by no means perfect,
generally leaving a few twitching tendrils of malware), not an active
interrogator of incoming traffic like DEEP PACKET INSPECTION. Firewalls
ultimately prevent services being exploited, for the most part by
blocking access to certain ports.

> A firewall is a dedicated appliance, or software running on another
> computer, which inspects network traffic passing through it, and
> denies or permits passage based on a set of rules.

Appliance meaning... a computer with software in it? And why does it
need to be dedicated? I mean, if my web server is in a DMZ it's gonna
have iptables on it!

> see http://en.wikipedia.org/wiki/Firewall_(networking)

Of course, you get all your knowledge regarding firewalls from
Wikipedia, not erm... I dunno, Cisco internetworking systems (great
free-as-in-beer book) or the netfilter mailing list, or the countless
white papers on iptables you've read.

Oh right, so you're an authority, that makes everything different!

> The windows "Firewall" does do something useful in that it stops
> certain types of Spyware, Viruses, Worms etc, but it is not a Firewall
> in the original sense of the word, and there is no reason why a tool
> calling itself Spyware protection will not in fact do the same job.

Now, can you please not tell me things like "The windows "Firewall" does
do something useful in that it stop certain types of Spyware, Viruses,
Worms etc" after saying "A Firewall will not stop a worm." because it
only reflects badly on yourself. 

The truth of the matter is the general attack vector for spyware is the
web browser. Viruses are generally transmitted by people via email scams
and other social engineering attacks (although it used to be floppy
discs and boot sectors). Worms propagate themselves using inbuilt
exploitation techniques across networks, not unlike a lone cracker
would, although automated.

The sasser worm attacked the LSASS service on windows systems via an
open port; it injected a heap overflow if memory serves, then
downloaded a bunch of crud in the background and loaded the machine up
with crap. By simply blocking the affected port using a firewall the
attack could have been prevented. Windows XP SP1 was affected by it, and
that's when MS decided to bundle a firewall in SP2.

The windows firewall is a port blocker: it blocks ports, which is
exactly what you need from it. Nothing more, nothing less. If you'd like
to debate firewalls further then by all means do so in private. I've
actually developed 2 commercially successful firewall products in the
past, using ipchains and iptables, so I do know a thing or two about
them.

K,

PS. I did actually mean to mention the sasser worm in my initial post re
the worth of firewalls, but slammer and sasser sound so similar! :P

PPS. Sorry about the excessive caps, but bad advice and inaccurate
information regarding security is one of my pet peeves. It's this kind of
willful ignorance, and to some degree arrogance, that causes widespread
misconception, which leads to security becoming a joke.
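The point argued in the message above is that a host firewall stops a network worm before its exploit ever reaches the listening service, which is something anti-virus, acting after the fact, cannot do. The following is an added illustration and is not code from the original post or from either author: a minimal stateful packet filter in Python that models the policy a "port blocker" enforces. Default-deny inbound, accept replies to flows the host itself opened, and accept only the ports deliberately published. The host addresses, the neighbour "already infected" machine, the sample packets and the allowed port 22 are all constructed for the example; the iptables rules in the docstring are an assumed equivalent of the same policy. Port 445/tcp is used for the worm packet because that is the SMB/LSASS port Sasser targeted.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str         # "tcp" or "udp"
    sport: int
    dport: int
    syn: bool = False  # TCP SYN flag
    ack: bool = False  # TCP ACK flag


class PortBlockingFirewall:
    """Host firewall: default-deny inbound, allow replies, allow listed ports.

    Assumed iptables equivalent of this policy (not from the original post):
        iptables -P INPUT DROP
        iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
        iptables -A INPUT -p tcp --dport 22 -j ACCEPT
    """

    def __init__(self, allowed_inbound):
        # (proto, port) pairs that are deliberately exposed.
        self.allowed_inbound = set(allowed_inbound)
        # Flows this host initiated, keyed by the reply direction's 5-tuple.
        self.conntrack = set()
        self.dropped = []

    def outbound(self, pkt):
        """Record a flow the host opened so its replies are recognised."""
        new_tcp = pkt.proto == "tcp" and pkt.syn and not pkt.ack
        if new_tcp or pkt.proto == "udp":
            self.conntrack.add((pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto))
        return "ACCEPT"   # this policy does no egress filtering

    def inbound(self, pkt):
        """Return the verdict for a packet arriving from the network."""
        if (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto) in self.conntrack:
            return "ACCEPT"   # ESTABLISHED: reply to a flow we started
        if (pkt.proto, pkt.dport) in self.allowed_inbound:
            return "ACCEPT"   # explicitly published service
        self.dropped.append(
            f"DROP {pkt.proto} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}")
        return "DROP"         # default policy: unsolicited inbound is refused


HOST = "192.168.1.10"       # the protected LAN host (constructed address)
NEIGHBOUR = "192.168.1.50"  # an already-infected LAN machine (constructed)
WEB = "203.0.113.8"         # a web server the host browses to (constructed)


def simulate():
    """Run constructed packets through the policy; returns name -> verdict."""
    fw = PortBlockingFirewall(allowed_inbound={("tcp", 22)})
    verdicts = {}

    # 1. Worm-style connection attempt at the SMB/LSASS port 445. The exploit
    #    payload never reaches the service because the SYN itself is dropped.
    verdicts["worm_syn_445"] = fw.inbound(
        Packet(NEIGHBOUR, HOST, "tcp", 1234, 445, syn=True))

    # 2. A service we chose to expose is still reachable.
    verdicts["ssh_syn_22"] = fw.inbound(
        Packet(NEIGHBOUR, HOST, "tcp", 1235, 22, syn=True))

    # 3. The host browses out; the server's SYN/ACK matches the tracked flow.
    fw.outbound(Packet(HOST, WEB, "tcp", 51000, 80, syn=True))
    verdicts["http_reply"] = fw.inbound(
        Packet(WEB, HOST, "tcp", 80, 51000, syn=True, ack=True))

    # 4. Same high port, but from a host we never talked to: not ESTABLISHED.
    verdicts["forged_reply"] = fw.inbound(
        Packet(NEIGHBOUR, HOST, "tcp", 80, 51000, syn=True, ack=True))

    verdicts["drop_count"] = len(fw.dropped)
    return verdicts


if __name__ == "__main__":
    for name, verdict in simulate().items():
        print(f"{name:14} {verdict}")
```

Two things worth noting when reading the verdicts. The worm packet is refused at the SYN, so whether the listening service is patched is irrelevant to the outcome, which is exactly the message's argument. The policy only filters INPUT, though: the "downloaded a bunch of crud in the background" stage the message describes is outbound traffic from an already-compromised host, and a port blocker of this kind does nothing about it, which is why egress rules and anti-virus still have a place alongside it.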
