echo: aust_avtech
to: Bob Lawrence
from: David Drummond
date: 2004-06-07 06:35:40
subject: Locking Windows

G'day Bob

30 May 04 13:37, Bob Lawrence wrote to David Drummond:

 BL>> I remember a few years ago, when Keith ran a fancy new firewall
 BL>> that monitored all his ports. He said he was getting an average
 BL>> of two or three attacks every day! And some of them were
 BL>> persistent.

 DD>> Many are not "attacks" - merely something "feeling" ports.

 BL>  Well... how can you tell which? Keith assumed it was an attack, and
 BL> so do I.

I have personally run port scanners over the internet. I was not attacking
anything, merely trying to gain an idea of what was at the other end. The
scanner communicates with the various ports and reports back if they're
active, and what (it thinks) is responding thereon.

 BL>> The Internet connects you to the entire world, and it is the
 BL>> height of hubris for you to say that you can beat them all. If
 BL>> Bill Gates can't beat them...

 DD>> The firewall people can, Linux can.

 BL>  Oh, yair?

Yair!

If the firewall is not configured to forward on the packet on a particular
port, that packet is just dropped.
[...]
 DD>>> Do not connect a Windows machine directly to the outside world
 DD>>> without first installing a firewall package that isn't made by
 DD>>> Microsoft. 

 BL>> It's not just Microsoft, David. Any well-known firewall runs
 BL>> the same sort of risk of penetration - especially if they use
 BL>> the same Windows O/S. I've seen it happen with Borland and
 BL>> Norton. They are really just another version of Microsoft.

That's why I don't have Windows connected direct to the outside world here.
In fact, I don't have Linux connected to the outside world either (for over
a year now) and yet I'm connected 24/7 with a mail server and a Web server
running.
[...]
 BL>  It's a question of odds. Every time you run an EXE, you take a risk.
 BL> I bought this computer with half-a-dozen driver CDs, most of them
 BL> burned in China... so I take a risk. My approach is that once I've 
 BL> got it loaded, and it's working... I never update. You update daily. What
 BL> the *actual* risk is, I don't know, but your exposure is a thousand
 BL> times greater than mine.

I don't update any EXEs daily, just a datafile of virus IDs.

 DD>> If you're serious about the Linux box being a router/firewall
 DD>> only take a look at one of the single diskette router
 DD>> distributions of it (LRP or Freesco or such). These boot from a
 DD>> write protected floppy, load into a RAM drive and run from
 DD>> there. If something odd happens, just reboot and it
 DD>> automatically runs a "clean" copy. 

 BL>  I've thought of that, but it's not such a big deal with these fast
 BL> CPUs and drives. I can run a backup for the entire drive in 3 
 BL> minutes.

You still have to ensure that YOUR configuration of Linux is secure
(especially Red Hat and Suse - they used to have everything turned on by
default like Windows). The single diskette versions don't have things
turned on by default - in most cases, the things aren't even included in
the distribution.

Regards,
David

--- Msged/LNX TE 06 (pre)
* Origin: JabberWOCky. (3:640/305)

SOURCE: echomail via fidonet.ozzmosis.com
