Firewall Wizards mailing list archives
RE: Vulnerability Response (was: BGP TCP RST Attacks)
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Tue, 1 Jun 2004 13:04:42 -0400 (EDT)
[SNIP]
[...]I have never had a worm or virus since I got interested in security. NEVER. And I use Windows as my primary desktop platform.Because you have one machine to take care of, plus you have some idea what you are doing maybe?
And yet it's not that hard, in 5 years with a teen and sometimes two teens on their desktops, 8 windows boxen and a few SUNS <running open BSD> and a few intel systems running various levels of slackware, all behind an old archaaic gateway, that is mostly open, but, knows the bad windows related ports and the few unix related ports that can be hit with nasties, only one system has suffered a virus infection out of the hoard that has been spewed in the past 5 years. That system was infected due to a teen trusting other teens and getting a /dcc download of nasty. Course the virus remained isolated from the rest of the windows boxen due to they AV sigs being up to date. The point is, certain windows related ports should not be passed from outside in, nor vice versa. M$ has not gotten that right and perhaps never will, so one has to institute measures to ensure that, since the M$ packet filtering FW is so bogus as to work only one way, then put something either in front of the widows box that can block inside out as well as outside in, or replace the windows packet filter with something that does know ingress as well in egress. Rather then trying to beat the vendor into submission, why not sidestep the vendors toys with decent safe replacements and be done with it? Thanks, Ron DuFresne <this has been a great thread, and if Ben will allow me, I may scarf up his little green men and the anal whatch-a-ma-callits line for use later with mgt> -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Vulnerability Response (was: BGP TCP RST Attacks), (continued)
- Re: Vulnerability Response (was: BGP TCP RST Attacks) Paul D. Robertson (Jun 03)
- Re: Vulnerability Response (was: BGP TCP RST Attacks) Gwendolynn ferch Elydyr (Jun 03)
- Re: Vulnerability Response (was: BGP TCP RST Attacks) Paul D. Robertson (Jun 03)
- RE: Vulnerability Response (was: BGP TCP RST Attacks) Ben Nagy (Jun 04)
- RE: Vulnerability Response (was: BGP TCP RST Attacks) Paul D. Robertson (Jun 04)
- RE: Vulnerability Response (was: BGP TCP RST Attacks) Marcus J. Ranum (Jun 01)
- RE: Vulnerability Response (was: BGP TCP RST Attacks) Ben Nagy (Jun 01)
- RE: Vulnerability Response (was: BGP TCP RST Attacks) Marcus J. Ranum (Jun 01)
- RE: Vulnerability Response (was: BGP TCP RST Attacks) Paul D. Robertson (Jun 01)
- RE: Vulnerability Response (was: BGP TCP RST Attacks) R. DuFresne (Jun 01)
- Re: Vulnerability Response (was: BGP TCP RST Attacks) M. Dodge Mumford (Jun 01)
- Re: Vulnerability Response (was: BGP TCP RST Attacks) Paul D. Robertson (Jun 01)
- Re: Vulnerability Response (was: BGP TCP RST Attacks) Marcus J. Ranum (Jun 01)
- Re: Vulnerability Response (was: BGP TCP RST Attacks) Paul D. Robertson (Jun 01)