[Nottingham] Ubuntu/firewalls (lack of)/wine

[Martin]

Alan Pope wrote:
> On Tue, 21 Dec 2004 17:21:35 +0000, Martin <martin at ml1.co.uk> wrote:
[...]
>>Quite right too. The firewall would be completely superfluous!
>>
>>>This is obviously
>>>one for discussion.
>>
>>Discuss: Why would a firewall be needed or wanted?
>>
> 
> 
> A program (e.g. a virus) could run and open a port (above 1024) with a
> telnet/ftp/whatever server on it, then ping out to the net and let
> someone shell/ftp/whatever in to your machine..

Yes, assuming first that a user has deliberately or otherwise been duped 
into installing a malicious program and then explicitly run it.

Any damage would be to their user space and possibly a partial DoS 
depending on what resources are gobbled up. It could give an attacker a 
shell to play at opening other exploits...


> A firewall would stop them getting in,

In the first place, no.

Once the malware is installed, a firewall may restrict what ports could 
then be abused.

Or are you thinking Micro-Soft-in-the-head Everything Enabled Holy 
Unsecurity?

> and may (depending upon your
> rules) stop the rogue program calling out.

Most firewalls are very lazyly configured to let everything out and 
anything related back in.

If you are alert enough to add restrictions, then you likely wouldn't 
have the malware installed in the first place!

And if you use the machine for web browsing, then various ports are left 
open regardless.


> Unlikely, but entirely possible.

And likely even with a fully secured firewall, you've left port 80 open 
so that you can surf the web... Hence the firewall is still superfluous 
other than adding a few restrictions and adding to the admin overheads.


Next?

Cheers,
Martin


-- 
----------------
Martin Lomas
martin at ml1.co.uk
----------------